CVE-2025-52577 HIGH

CVE-2025-52577: Advantech iView SQL Injection

Vendor Advantech

Product iView

Weakness CWE-89 · SQLi

Published July 10, 2025

Last update July 11, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Key dates

02Disclosure timeline

July 10, 2025 CVE published

July 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-52577

Related vulnerabilities

CVE-2025-52577: Advantech iView SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE