← Voltar para CVEs
CVE-2025-52577
HIGH8.8
Descricao
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado7/11/2025
Ultima modificacao7/23/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
advantech:iview
Fraquezas (CWE)
CWE-89CWE-89
Referencias
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08(ics-cert@hq.dhs.gov)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.