UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read

Advisories

severity: critical
date: August 13, 2025
Affecting: UnForm Server Manager < v10.1.12
CVE: CVE-2025-34154
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 9.2
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
References: UnForm Advisory
Researcher Disclosure
Product Site
Credit: Jan Rodriguez of GM Sectec