← Volver a CVEs
CVE-2025-53475
HIGH8.8
Descripcion
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado7/11/2025
Ultima modificacion7/23/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
advantech:iview
Debilidades (CWE)
CWE-89CWE-89
Referencias
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08(ics-cert@hq.dhs.gov)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.