[VULNERABILITY ALERT] Advantech WISE-DeviceOn Server High-Risk Security Vulnerability (CVE-2025-34256), Please Verify and Patch Immediately

POSTING DATE: 2025/12/17

Subject: [VULNERABILITY ALERT] Advantech WISE-DeviceOn Server High-Risk Security Vulnerability (CVE-2025-34256), Please Verify and Patch Immediately

Content Description:
- Forwarded from National Information Security Information Sharing and Analysis Center Security Alert NISAC-200-202512-00000075
- Researchers have discovered a Use of Hard-coded Cryptographic Key vulnerability (CVE-2025-34256) in Advantech WISE-DeviceOn Server. A remote unauthenticated attacker could create their own tokens to impersonate any DeviceOn account, thereby gaining full control. Please verify and patch as soon as possible.
Affected Platforms:
- WISE-DeviceOn Server version 5.3.12
Recommended Actions:
- Please update WISE-DeviceOn Server to version 5.4 (inclusive) or later.
Reference Material:
1. https://nvd.nist.gov/vuln/detail/CVE-2025-34256
2. https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn.pdf

Computer and Communication Center
Network Systems Division, Respectfully