Stored Cross-Site Scripting Vulnerability in Vulnerable Product by Affected Vendor
CVE-2025-48470

4.1MEDIUM

Key Information:

Vendor: Advantech
Status: Advantech Wireless Sensing And Equipment (wise)
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-48470?

The stored cross-site scripting vulnerability allows attackers to inject harmful scripts into input fields of the affected product. Once these scripts are executed in the browsers of other users, they can lead to serious security breaches, including session hijacking, unauthorized credential access, and privilege escalation. This vulnerability emphasizes the need for robust input validation and sanitization measures to prevent exploitation.

Affected Version(s)

Advantech Wireless Sensing and Equipment (WISE) A2.01 B00

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
May 22, 2025

Credit

Jay Turla

Japz Divino

Jerold Camacho