【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in Advantech WISE-DeviceOn Server (CVE-2025-34256). Please promptly verify and apply the necessary fixes.

publish date : 2025-12-19 update date : 2025-12-19

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025121701121212	Publication Time	2025/12/17 13:24
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/12/17 13:24
Impact Level	Medium
[Subject] 【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in Advantech WISE-DeviceOn Server (CVE-2025-34256). Please promptly verify and apply the necessary fixes.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202512-00000075 Researchers have discovered a Use of Hard-coded Cryptographic Key vulnerability (CVE-2025-34256) in Advantech WISE-DeviceOn Server. An unauthenticated remote attacker can craft tokens to impersonate any DeviceOn account, thereby obtaining full control. Please promptly verify and apply the necessary fixes. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] WISE-DeviceOn Server version 5.3.12
[Recommended Actions] Please update WISE-DeviceOn Server to version 5.4 or later
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-34256 2. https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn.pdf

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share