CVE-2025-53475HIGH 8.8EPSS p89.8%

CVE-2025-53475CVE-2025-53475

Description

A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS4.28% probability of exploitation · percentile 89.8% · 2026-06-19T12:03:05Z
Published2025-07-11
Last modified2025-07-23

Underlying weaknesses· 1

CWE-89

References

  1. https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-53515
CVE
CVE-2025-52577
CVE
CVE-2025-46268
CVE
CVE-2025-32857
CVE
CVE-2025-32835
CVE
CVE-2025-32870
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.