CVE-2025-52577 — HIGH (8.8)

Q: How severe is CVE-2025-52577?

CVE-2025-52577 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-52577?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Iview.

Vulnerability Description

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Advantech	Iview	< 5.7.05.7057

Related Weaknesses (CWE)

CWE-89

References

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183Product
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2025-52577?

CVE-2025-52577 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at le...

How severe is CVE-2025-52577?

CVE-2025-52577 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-52577?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Iview.