CVE-2026-34025
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.
Risk Assessment
This vulnerability may lead to unauthorized access to the system by third parties, posing a serious threat to the security of the organization's data and operations.
Recommendation
It is recommended to implement additional identity verification mechanisms and to limit trust in the X-Forwarded-For header to prevent IP address spoofing.
Original NVD description (English source)
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.

