CVE-2025-41442

MEDIUM

Advantech iView < 5.7.05.7057 - Reflected Cross-Site Scripting via Input Parameter Manipulation

Title source: llm

Description

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

References (2)

Core 2

Core References

Product

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

Scores

CVSS v3 5.4

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

advantech/iview < 5.7.05.7057

Published Jul 11, 2025

Tracked Since Feb 18, 2026