CVE-2025-53475

A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*

History

23 Jul 2025, 19:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:advantech:iview::::::::
First Time		Advantech iview Advantech
References	~~() https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 -~~	() https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 - Product
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 - Third Party Advisory, US Government Resource

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 00:15

Updated : 2025-07-23 19:19

NVD link : CVE-2025-53475

Mitre link : CVE-2025-53475

CVE.ORG link : CVE-2025-53475

JSON object : View

Products Affected

advantech

iview

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-53475", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T00:15:27.107", "references": [{"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Advantech iView that could allow for SQL \ninjection and remote code execution through \nNetworkServlet.getNextTrapPage(). This issue requires an authenticated \nattacker with at least user-level privileges. Certain parameters in this\n function are not properly sanitized, allowing an attacker to perform \nSQL injection and potentially execute code in the context of the 'nt \nauthority\\local service' account."}, {"lang": "es", "value": "Existe una vulnerabilidad en Advantech iView que podr\u00eda permitir la inyecci\u00f3n SQL y la ejecuci\u00f3n remota de c\u00f3digo mediante NetworkServlet.getNextTrapPage(). Este problema requiere un atacante autenticado con al menos privilegios de usuario. Ciertos par\u00e1metros de esta funci\u00f3n no se depuran correctamente, lo que permite a un atacante realizar una inyecci\u00f3n SQL y potencialmente ejecutar c\u00f3digo en el contexto de la cuenta 'nt authority\\local service'."}], "lastModified": "2025-07-23T19:19:37.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}