CVE-2026-34025

Summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.

Affected Software

VendorProductVersion RangeStatus
Wertheim GmbHWertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014affected

Weaknesses

  • CWE-290: CWE-290 Authentication bypass by spoofing

Workarounds

Restrict access to the SafeController web application to trusted network locations using infrastructure-level controls. Do not rely on client-supplied HTTP headers such as X-Forwarded-For for access-control or login security decisions unless they are set and normalized by a trusted reverse proxy and stripped from untrusted client requests. Review reverse proxy and web server configuration to ensure forwarded client IP headers cannot be spoofed by external clients. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References