CVE-2025-53509
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-08-01
Assigner: ICS-CERT
Description
Description
A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | iview | to 5.7.05.7057 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Advantech iView allows an authenticated user with at least user-level privileges to inject arbitrary arguments into the NetworkServlet.restoreDatabase() function. This happens because an input parameter is used directly in a command without proper sanitization, enabling the attacker to manipulate the command execution.
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure, including exposure of sensitive database credentials, which could compromise the security of the system and its data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70