cvedb.io
CVE-2025-52577
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-07-11T00:15:26.430 · Last modified 2026-06-17T09:36:42.730

Summary

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.

Affected products

advantech — iview

Does this affect you?

Add your gear to cvedb and we'll alert you only when advantech ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.