
PHP CVE-2025-34022

EUVD-2025-18778 | CRITICAL
Path Traversal (CWE-22)
2025-06-20 · disclosure@vulncheck.com
9.3 (CVSS 4.0 · NVD)

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 00:19 (euvd) · EUVD-2025-18778
Analysis Generated: Mar 15, 2026 - 00:19 (vuln.today)
PoC Detected: Nov 20, 2025 - 22:15 (vuln.today) · Public exploit code
CVE Published: Jun 20, 2025 - 19:15 (nvd)

Description (CVE.org)

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Analysis (AI)

CVE-2025-34022 is an unauthenticated path traversal vulnerability in Selea Targa IP OCR-ANPR cameras affecting at least 9 models (iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, Targa 704 ILB). The /common/get_file.php script fails to validate the 'file' parameter, allowing remote attackers to read arbitrary files, including system credentials stored in cleartext. Active exploitation was confirmed by the Shadowserver Foundation on 2025-02-02 UTC, so this vulnerability is not theoretical; it is actively exploited in the wild.

Technical Context (AI)

The vulnerability exists in the 'Download Archive in Storage' feature of Selea's IP-based ANPR (Automatic Number Plate Recognition) camera systems. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal'): the /common/get_file.php endpoint accepts user-supplied input in the 'file' parameter without canonicalizing or validating it. An attacker can supply path traversal sequences (e.g., '../../../etc/passwd') to escape the intended directory and read system files. The affected products are industrial/commercial-grade IP cameras running proprietary firmware. No authentication is required to reach this endpoint, so this is a pre-authentication attack vector. The exposure of cleartext credentials suggests weak or absent server-side secret management, which compounds the impact.

Remediation (AI)

Immediate actions:
1. Isolate affected Selea Targa IP cameras from internet-facing networks and restrict access to trusted administrative networks only.
2. Implement network segmentation and firewall rules to block access to ports 80/443 on these devices from untrusted networks.
3. Monitor for evidence of compromise by checking for unauthorized file access in logs (where available).

Medium-term:
1. Contact Selea for a vendor security advisory and patch availability; the CVE description does not specify patched versions, so vendor communication is required.
2. Once patches are released, update the firmware on all affected models in a phased, tested manner.
3. Change all default and shared credentials on the devices and implement strong administrative access controls.

Long-term:
1. Deploy intrusion detection/prevention (IDS/IPS) rules to detect path traversal attempts against /common/get_file.php, including encoded payloads.
2. Implement Web Application Firewall (WAF) rules if the cameras are accessed through a proxy.
3. Consider replacing the cameras with products from vendors demonstrating security maturity (secure SDLC, regular patching cycles).
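The detection that the technical context and the remediation section call for, written here as an added example (not vuln.today's, Selea's, or the CVE's own code): it parses Common Log Format access lines, repeatedly percent-decodes the `file` parameter of requests to `/common/get_file.php` so encoded payloads are not missed, and flags values containing a parent-directory segment or an absolute path. The log lines are constructed; only the endpoint and parameter names come from the CVE description.

```python
import re
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the CVE description.
TARGET_PATH = "/common/get_file.php"
TARGET_PARAM = "file"

# Common Log Format: client, identd, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log lines (RFC 5737 documentation addresses), not a real capture.
SAMPLE_LOG = [
    '192.0.2.5 - - [02/Feb/2025:10:00:00 +0000] "GET /common/get_file.php?file=archive%2F2025-02-02.zip HTTP/1.1" 200 4096',
    '203.0.113.10 - - [02/Feb/2025:10:00:07 +0000] "GET /common/get_file.php?file=../../../etc/passwd HTTP/1.1" 200 1423',
    '198.51.100.7 - - [02/Feb/2025:10:00:09 +0000] "GET /common/get_file.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1423',
    '192.0.2.5 - - [02/Feb/2025:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 812',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode until the string stops changing, so double-encoded input is inspected as plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_value):
    """True when the decoded 'file' value could leave the intended download directory."""
    decoded = fully_decode(file_value).replace("\\", "/")
    if decoded.startswith("/") or "\x00" in decoded:
        return True                      # absolute path or NUL-byte truncation
    return ".." in decoded.split("/")    # any parent-directory segment, checked before normalization

def detect(lines):
    """Return one finding per request to the vulnerable endpoint whose 'file' value escapes the directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if posixpath.normpath(unquote(parts.path)) != TARGET_PATH:
            continue
        # parse_qs removes one layer of encoding; fully_decode handles any further layers.
        for value in parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM, []):
            if is_traversal(value):
                hits.append({"ip": m.group("ip"), "status": m.group("status"), "file": fully_decode(value)})
    return hits
```

Run against a real access log, a 200 status on a flagged request indicates the file was served, which is the condition that warrants treating the device's stored credentials as exposed.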


CVE-2025-34022 vulnerability details – vuln.today
