Directory Traversal Vulnerability in Advantech iView Product
CVE-2025-46704

5.3MEDIUM

Key Information:

Vendor

Advantech
Status
Iview
Vendor
CVE Published:
11 July 2025

What is CVE-2025-46704?

A vulnerability has been detected in the Advantech iView product that permits directory traversal attacks via the NetworkServlet.processImportRequest() method. This flaw allows authenticated attackers with user-level permissions to exploit a specific parameter that lacks adequate sanitization and normalization. Consequently, an attacker could potentially gain insight into the existence of arbitrary files on the server, posing a significant risk to sensitive data.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...
https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.
CVE-2025-46704 : Directory Traversal Vulnerability in Advantech iView Product