Reflected Cross-Site Scripting Vulnerability in Advantech iView
CVE-2025-53519

5.1MEDIUM

Key Information:

Vendor: Advantech
Status: Iview
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-53519?

A significant reflected cross-site scripting (XSS) vulnerability is present in Advantech iView versions prior to 5.7.05 build 7057. This flaw allows attackers to craft specific requests that, when executed, can inject malicious scripts into users' browsers. If successfully executed, this could lead to unauthorized actions, data exposure, or other harmful outcomes for users interacting with the affected product.

Affected Version(s)

iView 0 < 5.7.05 build 7057

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.advantech.com/en/support/details/firmware-?id...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025