Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52577

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Published

2025-07-11T00:15:26.430

Last Modified

2025-07-23T19:20:13.513

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-89
Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	advantech	iview	< 5.7.05.7057	Yes

References

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 Product ([email protected])
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 Third Party Advisory, US Government Resource ([email protected])