Firmware Update Exploit in Affected Product from Vendor
CVE-2025-48469

9.6CRITICAL

Key Information:

Vendor: Advantech
Status: Advantech Wireless Sensing And Equipment (wise)
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-48469?

A vulnerability exists that allows unauthorized users to upload firmware via a publicly accessible update page. This can lead to unauthorized installation of backdoors or escalate privileges within the system, posing a significant security risk. Keeping systems updated and monitoring access to update functionalities is crucial to prevent exploitation.

Affected Version(s)

Advantech Wireless Sensing and Equipment (WISE) A2.01 B00

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

https://jro.sg/CVEs/CVE-2025-48469/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
May 22, 2025

Credit

Lam Jun Rong