Unrated severityNVD Advisory· Published Jul 10, 2025· Updated Jul 11, 2025

Advantech iView SQL Injection

CVE-2025-53475

Description

A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Affected products

Advantech/iViewllm-fuzzy
Advantech/iViewv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.advantech.com/en/support/details/firmware-mitre
www.cisa.gov/news-events/ics-advisories/icsa-25-191-08mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000