CVE-2014-125125

UNKNOWN 0.0

A10 Networks AX Loadbalancer Path Traversal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.

CWE	CWE-22 CWE-706
Vendor	a10 networks
Product	ax series loadbalancer
Published	Jul 31, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for a10 networks ax series loadbalancer

Be the first to know when new unknown vulnerabilities affecting a10 networks ax series loadbalancer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

A10 Networks / AX Series Loadbalancer

* ≤ 2.6.1-GR1-P5 * ≤ 2.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb exploit-db.com: https://www.exploit-db.com/exploits/31261 vulncheck.com: https://www.vulncheck.com/advisories/a10-networks-ax-loadbalancer-path-traversal

Credits

xistence