【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in Advantech WISE-DeviceOn Server (CVE-2025-34256). Please promptly verify and apply the necessary fixes.

publish date : 2025-12-19 update date : 2025-12-19

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025121701121212 Publication Time 2025/12/17 13:24
Incident Type ANA-Vulnerability Alert Discovery Time 2025/12/17 13:24
Impact Level Medium  
[Subject]
【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in Advantech WISE-DeviceOn Server (CVE-2025-34256). Please promptly verify and apply the necessary fixes.
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202512-00000075

Researchers have discovered a Use of Hard-coded Cryptographic Key vulnerability (CVE-2025-34256) in Advantech WISE-DeviceOn Server. An unauthenticated remote attacker can craft tokens to impersonate any DeviceOn account, thereby obtaining full control. Please promptly verify and apply the necessary fixes.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
WISE-DeviceOn Server version 5.3.12
[Recommended Actions]
Please update WISE-DeviceOn Server to version 5.4 or later

[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-34256

2. https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn.pdf
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center