Session Hijacking Risk in Unencrypted HTTP Product by Vendor
CVE-2025-48463

3.1LOW

Key Information:

Vendor: Advantech
Status: Advantech Wireless Sensing And Equipment (wise)
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-48463?

This vulnerability allows attackers to exploit unencrypted HTTP communication within the affected product, enabling them to intercept sensitive data and execute session hijacking. The lack of encryption can lead to unauthorized access and potential data tampering, posing a significant risk to users.

Affected Version(s)

Advantech Wireless Sensing and Equipment (WISE) A2.01 B00

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
May 22, 2025

Credit

Chua Wei Xun