ГлавнаяУязвимости → CVE-2025-53515
8.8высокая

CVE-2025-53515

→ есть в БДУ: BDU:2025-08965 (на русском)
Описание (на английском; русское — в БДУ выше)

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Затрагиваемое ПО
Advantech Iview
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08