SQL Injection Vulnerability in Advantech iView Product
CVE-2025-52577

8.7HIGH

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-52577?

A vulnerability in the Advantech iView product allows for SQL injection, exploitable through the NetworkServlet.archiveTrapRange() function. This issue necessitates that the attacker be authenticated with at least user-level privileges. Improper sanitization of specific input parameters enables attackers to execute SQL commands, which may lead to unauthorized remote code execution under the 'nt authority\local service' account. This can significantly compromise the security of the affected system.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025