What is CVE-2025-34126?

CVE-2025-34126 is a vulnerability in Rips Technologies Scanner, classified under Path Traversal. Published 2025-07-16.

Is CVE-2025-34126 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Rips Technologies Scanner

CVE-2025-34126

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.847 (99.4th percentile) — read the EPSS interpretation.

Affected products

Rips Technologies Scanner — versions 0.54

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

codesec.blogspot.com/2015/03/rips-scanner-v-054-local-file-include.html (third-party-advisory, exploit)
www.exploit-db.com/exploits/18660 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
rips-scanner.sourceforge.net/ (product)
www.vulncheck.com/advisories/rips-scanner-path-traversal (third-party-advisory)

Frequently asked questions

What is CVE-2025-34126?: CVE-2025-34126 is a vulnerability in Rips Technologies Scanner, classified under Path Traversal. Published 2025-07-16.
Is CVE-2025-34126 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.