CVE-2025-52577

HIGH

Advantech iView < 5.7.05.7057 - SQLi & RCE via NetworkServlet.archiveTrapRange()

Title source: llm

Description

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

References (2)

Core 2

Core References

Product

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

Scores

CVSS v3 8.8

EPSS 0.0087

EPSS Percentile 75.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

advantech/iview < 5.7.05.7057

Published Jul 11, 2025

Tracked Since Feb 18, 2026