SQL Injection Vulnerability in Advantech WebAccess/VPN Product
CVE-2025-34241
5.3MEDIUM
What is CVE-2025-34241?
A SQL injection vulnerability exists in Advantech WebAccess/VPN versions prior to 1.1.5 within the AjaxDeviceController.ajaxDeviceAction() function. This flaw allows authenticated low-privileged users to inject malicious SQL via data table search parameters, potentially exposing sensitive database information.
Affected Version(s)
WebAccess/VPN 0 < 1.1.5