CVE-2025-53509

High CVSS: 7.1

A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials.

Vendor

Advantech

Product

Iview

CWE

CWE-88

Yayın Tarihi

2025-07-11 00:15:28

Güncelleme

2025-08-01 19:16:23

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-88 Iview HIGH Advantech 2025

Referanslar

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

Benzer Kayıtlar

Critical

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arb…

Medium

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence o…

Medium

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands…

Medium

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the ex…

High

CVE-2025-14849

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute ar…

High

CVE-2025-14850

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.