CVE-2025-62630

High CVSS: 8.7

Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions.

Vendor

Advantech

Product

Deviceon\/iedge

CWE

CWE-22

Yayın Tarihi

2025-11-06 23:15:37

Güncelleme

2025-11-19 20:17:47

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-22 Deviceon\/iedge HIGH Advantech 2025

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json https://www.advantech.com/emt/contact https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01

Benzer Kayıtlar

Critical

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arb…

Medium

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence o…

Medium

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands…

Medium

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the ex…

High

CVE-2025-14849

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute ar…

High

CVE-2025-14850

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.