CVE-2025-34047

High PUBLISHED

Leadsec VPN Path Traversal Arbitrary File Read

Beijing NetGuard Nebula Information Technology Co., Ltd. · Leadsec SSL VPN

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
8.7 High

At a Glance

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

CVE Published
Jun 26, 2025
Exploitation Reported
Feb 04, 2026
CVSS
8.7 High
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Beijing NetGuard Nebula Information Technology Co., Ltd.
Leadsec SSL VPN

0

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.