CVE-2025-52577 Information
Jul 12, 2025
cve
Description
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized allowing an attacker to perform SQL injection and potentially execute code in the context of the ’nt authority\local service’ account.
Reference
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08
Related CNNVD
CNNVD-202507-1601 (Published: 2025-07-11)
Share on: