CVE-2025-34118
Linknat VOS Manager Path Traversal File Disclosure
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.
| CWE | CWE-22 CWE-20 |
| Vendor | linknat technology |
| Product | vos manager |
| Published | Jul 16, 2025 |
| Last Updated | May 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for linknat technology vos manager
Be the first to know when new unknown vulnerabilities affecting linknat technology vos manager are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Linknat Technology / VOS Manager
0 โค VOS2009 0 โค VOS3000 2.1.9.06
References
linknat.com: http://www.linknat.com/ web.archive.org: https://web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458 raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb vulncheck.com: https://www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosure
Credits
zqsky of WooYun