CVE-2025-53515 · HIGH 8.8 · EPSS p38.8%


Description

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.8% · 2026-06-18T12:00:27Z
Published: 2025-07-11
Last modified: 2025-08-01

Underlying weaknesses · 1

CWE-89

References

  1. https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08


Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-52577
CVE: CVE-2025-53475
CVE: CVE-2025-46268
CVE: CVE-2025-32835
CVE: CVE-2025-4559
CVE: CVE-2025-32853

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.