sornram9254/Local File Inclusion in Vasco Self-Service Portal ≤ 3.14.md

## Local File Inclusion in Vasco Self-Service Portal ≤ 3.14.md

      
    Raw
  

              Local File Inclusion in Vasco Self-Service Portal ≤ 3.14.md
            
          
    📄 CVE Report: CVE-2025-25539

🏢 Publisher/Developer Information


Name: Vasco
Website: http://vasco.com


🛡️ Vulnerability Overview


CVE ID: CVE-2025-25539
Title: Local File Inclusion in Vasco Self-Service Portal ≤ 3.14
Published Date: 2025-05-21
Last Updated: 2025-05-21


🔍 Description

A Local File Inclusion (LFI) vulnerability exists in Vasco's Self-Service Portal version 3.14 and earlier. A remote attacker can exploit this issue through the help menu to gain unauthorized access to sensitive files on the host system. This includes potential access to server-side configuration files.

🖥️ Affected Products


Product Name
Version
Platform
Status


Self-Service Portal
≤ 3.14
Windows/Linux
Vulnerable


⚙️ Exploit Details


Attack Vector: Remote
Authentication Required: No
Privileges Required: None
User Interaction: Required (via Help Menu)