Firmware Update Exploit in Affected Product from Vendor
CVE-2025-48469

9.6CRITICAL

Key Information:

Vendor: Advantech
Status: Advantech Wireless Sensing And Equipment (wise)
Vendor: CVE Published:; 24 June 2025

Badges

📰 News Worthy

What is CVE-2025-48469?

A vulnerability exists that allows unauthorized users to upload firmware via a publicly accessible update page. This can lead to unauthorized installation of backdoors or escalate privileges within the system, posing a significant security risk. Keeping systems updated and monitoring access to update functionalities is crucial to prevent exploitation.

Affected Version(s)

Advantech Wireless Sensing and Equipment (WISE) A2.01 B00

News Articles

Cyber Security Agency of Singapore

CVE-2025-48466 CVE-2025-48469

Multiple Vulnerabilities in Advantech Products

Advantech has released security updates and mitigation measures addressing multiple vulnerabilities in their products. Users and administrators of affected...

3 weeks ago

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

https://jro.sg/CVEs/CVE-2025-48469/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Cyber Security Agency of Singapore
Jun 26, 2025
Vulnerability published
Jun 24, 2025
Vulnerability Reserved
May 22, 2025

Credit

Lam Jun Rong