CVE-2025-34256

|
CVE-2025-34256 vulnerability security critical severity CVE database Advantech WISE-DeviceOn JWT Authentication Bypass Hardcoded Key

Summary

CVE-2025-34256 is a critical severity vulnerability affecting Advantech WISE-DeviceOn Server versions prior to 5.4. It stems from a hard-coded cryptographic key used for signing JWTs, allowing unauthenticated attackers to forge tokens and impersonate any user, including the root administrator.

Technical Details

Advantech WISE-DeviceOn Server versions before 5.4 utilize a static HS512 HMAC secret for signing EIRMMToken JWTs. This hard-coded key is consistent across all installations of the affected software. An attacker can exploit this vulnerability by crafting a JWT containing a valid email claim and signing it with the known static key. The server, upon receiving this forged JWT, validates it as legitimate, granting the attacker access to the corresponding account. This allows a remote, unauthenticated attacker to bypass authentication and gain full administrative control over the DeviceOn instance. The vulnerability lies in the insecure use of cryptography, specifically the reliance on a shared secret across multiple deployments.

Affected Products and Versions

  • Advantech WISE-DeviceOn Server versions prior to 5.4

Impact Assessment

Successful exploitation of CVE-2025-34256 allows a remote, unauthenticated attacker to gain complete administrative control of the affected WISE-DeviceOn Server. This can lead to a number of severe consequences:

  • Full System Compromise: The attacker can execute arbitrary code on the server and potentially on managed agents through DeviceOn's remote management features.
  • Data Breach: Sensitive data stored within the DeviceOn system, including device configurations, user credentials, and operational data, can be accessed and exfiltrated.
  • Denial of Service: The attacker can disrupt the normal operation of the DeviceOn server and managed devices, leading to a denial of service.
  • Lateral Movement: The compromised DeviceOn server can be used as a pivot point to attack other systems within the network.

Remediation

Immediate Actions

  • Upgrade to Version 5.4 or later: Advantech has released a patched version of WISE-DeviceOn Server (5.4) that addresses this vulnerability. Immediately upgrade to this version or a later version.
  • Monitor for Suspicious Activity: Closely monitor network traffic and system logs for any signs of unauthorized access or malicious activity.

Long-term Solutions

  • Implement Strong Authentication Mechanisms: Ensure that future versions of the software utilize robust authentication mechanisms, such as strong password policies, multi-factor authentication, and proper key management practices.
  • Regular Security Audits: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.

References

Detection & Scanning

Detecting CVE-2025-34256 requires identifying vulnerable versions of Advantech WISE-DeviceOn Server and analyzing network traffic for suspicious JWT authentication attempts. Network intrusion detection systems (IDS) can be configured to look for JWTs signed with the known hardcoded key. Vulnerability scanners can also be used to identify systems running affected versions of the software.

Scan Your Website

Secably AI Scanner can detect this and 50+ other vulnerabilities automatically.

Start Free Scan

Scan Your Website for Vulnerabilities

Discover security issues before attackers do. Our AI-powered scanner checks for the vulnerabilities discussed in this guide and more.

Start Free Scan