CVE-2026-34025

CVE Database · CVE-2026-34025

CVE-2026-34025

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

5.3

EPSS

0.28%

Published

Jun 15, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.

Weaknesses (CWE)

CWE-290

References (2)

https://r.sec-consult.com/wertheim

https://wertheim-safes.com/safe-deposit-box-management/

KEV Catalog EPSS Scores Vendors All CVEs