[VULNERABILITY ALERT] Advantech WISE-DeviceOn Server High-Risk Security Vulnerability (CVE-2025-34256), Please Verify and Patch Immediately

• Subject: [VULNERABILITY ALERT] Advantech WISE-DeviceOn Server High-Risk Security Vulnerability (CVE-2025-34256), Please Verify and Patch Immediately

• Content Description:
  • Forwarded from National Information Security Information Sharing and Analysis Center Security Alert NISAC-200-202512-00000075
  • Researchers have discovered a Use of Hard-coded Cryptographic Key vulnerability (CVE-2025-34256) in Advantech WISE-DeviceOn Server. A remote unauthenticated attacker could create their own tokens to impersonate any DeviceOn account, thereby gaining full control. Please verify and patch as soon as possible.
• Affected Platforms:
  • WISE-DeviceOn Server version 5.3.12
• Recommended Actions:
  • Please update WISE-DeviceOn Server to version 5.4 (inclusive) or later.
• Reference Material:
  1. https://nvd.nist.gov/vuln/detail/CVE-2025-34256
  2. https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn.pdf

Computer and Communication Center
Network Systems Division, Respectfully