CVE-2026-34025
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | affected |
Weaknesses
- CWE-290: CWE-290 Authentication bypass by spoofing
Workarounds
Restrict access to the SafeController web application to trusted network locations using infrastructure-level controls. Do not rely on client-supplied HTTP headers such as X-Forwarded-For for access-control or login security decisions unless they are set and normalized by a trusted reverse proxy and stripped from untrusted client requests. Review reverse proxy and web server configuration to ensure forwarded client IP headers cannot be spoofed by external clients. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.