CVE Catalog

CVE-2026-34025

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.

Risk Assessment

This vulnerability may lead to unauthorized access to the system by third parties, posing a serious threat to the security of the organization's data and operations.

Recommendation

It is recommended to implement additional identity verification mechanisms and to limit trust in the X-Forwarded-For header to prevent IP address spoofing.

Original NVD description (English source)

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS