SQL Injection Flaw in Advantech iView Product
CVE-2025-13373

8.7HIGH

Key Information:

Vendor

Advantech
Status
Iview
Vendor
CVE Published:
4 December 2025

What is CVE-2025-13373?

Advantech iView versions 5.7.05.7057 and earlier exhibit a susceptibility that allows attackers to exploit improperly sanitized SNMP v1 trap requests on Port 162. This lack of validation can lead to the execution of malicious SQL commands, potentially compromising the confidentiality and integrity of the affected systems and their data. Users are advised to implement necessary patches to mitigate this risk and protect their network infrastructure.

Affected Version(s)

iView 5.7.05.7057

iView 5.8.1

References

https://www.advantech.com/zh-tw/support/details/firmware?...
https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...
https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

m00nback reported this vulnerability to CISA.
JSON
.
CVE-2025-13373 : SQL Injection Flaw in Advantech iView Product