CVE-2025-53509
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
11/07/2025
Last modified:
11/07/2025
Description
A vulnerability exists in Advantech iView that allows for argument <br />
injection in the NetworkServlet.restoreDatabase(). This issue requires <br />
an authenticated attacker with at least user-level privileges. An input <br />
parameter can be used directly in a command without proper sanitization,<br />
allowing arbitrary arguments to be injected. This can result in <br />
information disclosure, including sensitive database credentials.
Impact
Base Score 4.0
7.10
Severity 4.0
HIGH
Base Score 3.x
6.50
Severity 3.x
MEDIUM