Path Traversal in Synergetic Data Systems Inc. Unform Server Manager
CVE-2025-34154
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.008 (51.4th percentile) — read the EPSS interpretation.
Affected products
- Synergetic Data Systems Inc. Unform Server Manager — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (vendor-advisory, patch)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)