CVE-2025-52459

Summary

A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.

Affected Software

VendorProductVersion RangeStatus
AdvantechiView0 < 5.7.05 build 7057affected

Weaknesses

  • CWE-88: CWE-88

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References