High Published: Nov 06, 2025 Modified: Nov 19, 2025

CVE-2025-59171

7.5 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Affected Software Configurations

a advantech deviceon\/iedge * * * * * * * *

Weaknesses (CWE)

CWE-22
CWE-22

References & External Links

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json
https://www.advantech.com/emt/contact
https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker