CVE-2025-14252
Unknown Unknown - Not Provided

Improper Access Control in Advantech SUSI Driver Enables Privilege Escalation

Vulnerability report for CVE-2025-14252, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: TXOne

Description

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-07-06
AI Q&A
2025-12-16
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
advantech susi *
advantech susi 5.0.24335

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Access Control flaw in the Advantech SUSI driver (susi.sys) versions 5.0.24335 and earlier. It allows attackers to read and write arbitrary memory, I/O ports, and Model-Specific Registers (MSRs). This means attackers can gain unauthorized access to system resources, potentially leading to privilege escalation, arbitrary code execution, and information disclosure. [1]

Impact Analysis

Exploitation of this vulnerability can result in attackers escalating their privileges on the affected system, executing arbitrary code, and disclosing sensitive information. This can compromise system integrity, confidentiality, and availability, potentially allowing attackers to take full control of the affected device. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update the Advantech SUSI driver (susi.sys) to version 5.0.24336 or later, as this version contains the fix for the issue. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart