Argument Injection Vulnerability in Advantech iView Network Management
CVE-2025-53509

7.1HIGH

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-53509?

A security flaw in Advantech iView allows authenticated users with user-level privileges to perform argument injection through the NetworkServlet.restoreDatabase() function. The vulnerability occurs when input parameters are directly passed to a command without adequate sanitization, which may lead to arbitrary command execution. This can expose sensitive information, including database credentials, potentially compromising the integrity and confidentiality of the system.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025