SQL Injection Vulnerability in Advantech WebAccess/VPN
CVE-2025-34245

5.3MEDIUM

Key Information:

Vendor: Advantech
Status: Webaccess/vpn
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-34245?

Advantech WebAccess/VPN versions prior to 1.1.5 are susceptible to a SQL injection vulnerability within the AjaxStandaloneVpnClientsController.ajaxAction() method. This flaw permits low-privileged authenticated users to execute SQL injection attacks through datatable search parameters, potentially leading to unauthorized access to sensitive database information. Implementing the latest patches is crucial for securing the application against this intrusion risk.