SQL Injection Vulnerability in Advantech WebAccess/VPN by Advantech
CVE-2025-34247

5.1MEDIUM

Key Information:

Vendor

Advantech
Status
Webaccess/vpn
Vendor
CVE Published:
6 November 2025

What is CVE-2025-34247?

Advantech WebAccess/VPN prior to version 1.1.5 is vulnerable to SQL injection through the NetworksController.addNetworkAction() function. This flaw allows authenticated users with low privileges to exploit datatable search parameters, potentially disclosing sensitive database information. Organizations using this software should immediately assess their systems and apply the necessary patches to mitigate risks. For detailed information, refer to the vendor advisory and third-party assessments.

Affected Version(s)

WebAccess/VPN 0 < 1.1.5

References

https://icr.advantech.com/support/router-models/download/...
vendor-advisorypatch
https://www.vulncheck.com/advisories/advantech-webaccess-...
third-party-advisory
https://icr.advantech.com/download/software
product

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Williams from Pellera Technologies
JSON
.
CVE-2025-34247 : SQL Injection Vulnerability in Advantech WebAccess/VPN by Advantech