CVE-2025-34350

UNKNOWN 0.0

UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so without enforcing authentication or restricting path inputs. As a result, an unauthenticated remote attacker can supply local filesystem paths to read arbitrary files accessible to the service account. On Windows deployments, providing a UNC path can also coerce the server into initiating outbound SMB authentication, potentially exposing NTLM credentials for offline cracking or relay. This issue may lead to sensitive information disclosure and, in some environments, enable further lateral movement.

CWE	CWE-22 CWE-918
Vendor	synergetic data systems, inc.
Product	unform server
Published	Nov 25, 2025
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for synergetic data systems, inc. unform server

Be the first to know when new unknown vulnerabilities affecting synergetic data systems, inc. unform server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Synergetic Data Systems, Inc. / UnForm Server

0 < 10.1.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

unform.com: https://unform.com/download/uf101_readme.txt vulncheck.com: https://www.vulncheck.com/advisories/unform-server-doc-flow-unauthenticated-file-read

Credits

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp. Jan A. Rodriguez, Pentester Jr., GM Sectec, Corp.