and remote code execution through NetworkServlet.archiveTrap(). This
issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not sanitized, allowing an
attacker to perform SQL injection and potentially execute code in the
context of the 'nt authority\local service' account.
Metrics
Affected Vendors & Products
Fri, 01 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:* |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
Thu, 10 Jul 2025 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |
Title | Advantech iView SQL Injection | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-07-11T13:57:41.891Z
Reserved: 2025-07-02T15:12:58.638Z
Link: CVE-2025-53515

Updated: 2025-07-11T13:57:33.572Z

Status : Analyzed
Published: 2025-07-11T00:15:28.547
Modified: 2025-08-01T19:13:59.507
Link: CVE-2025-53515

No data.

Updated: 2025-07-13T11:06:12Z