Directory Traversal Vulnerability in Advantech iView Product
CVE-2025-46704

5.3MEDIUM

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-46704?

A vulnerability has been detected in the Advantech iView product that permits directory traversal attacks via the NetworkServlet.processImportRequest() method. This flaw allows authenticated attackers with user-level permissions to exploit a specific parameter that lacks adequate sanitization and normalization. Consequently, an attacker could potentially gain insight into the existence of arbitrary files on the server, posing a significant risk to sensitive data.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025