What is CVE-2025-34098?

CVE-2025-34098 is a vulnerability in Riverbed Technology Steelhead Vcx, classified under Information Disclosure. Published 2025-07-10.

Is CVE-2025-34098 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Riverbed Technology Steelhead Vcx

CVE-2025-34098

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacke…

Vulnerability class: Information Disclosure

EPSS: 0.684 (98.6th percentile) — read the EPSS interpretation.

Affected products

Riverbed Technology Steelhead Vcx — versions 9.6.0a, 9.6.1

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
www.exploit-db.com/exploits/42101 (exploit)
vulncheck.com/advisories/riverbed-steel-head-vcx-authenticated-arbitrary-file-r… (third-party-advisory)

Frequently asked questions

What is CVE-2025-34098?: CVE-2025-34098 is a vulnerability in Riverbed Technology Steelhead Vcx, classified under Information Disclosure. Published 2025-07-10.
Is CVE-2025-34098 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.