Argument Injection Vulnerability in Advantech iView Network Servlet
CVE-2025-52459

7.1HIGH

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-52459?

A vulnerability in Advantech iView allows authenticated attackers with user-level privileges to exploit the NetworkServlet.backupDatabase() function. This security flaw arises due to inadequate sanitization of specific parameters, enabling attackers to inject arbitrary arguments directly into a command. Consequently, this exposes sensitive information, including database credentials, heightening the risk of unauthorized access and data breaches.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025