CVE-2025-53515

Severity CVSS v4.0:
HIGH
Type:
CWE-89 SQL Injection
Publication date:
11/07/2025
Last modified:
11/07/2025

Description

A vulnerability exists in Advantech iView that allows for SQL injection <br /> and remote code execution through NetworkServlet.archiveTrap(). This <br /> issue requires an authenticated attacker with at least user-level <br /> privileges. Certain input parameters are not sanitized, allowing an <br /> attacker to perform SQL injection and potentially execute code in the <br /> context of the &amp;#39;nt authority\local service&amp;#39; account.