CVE 8.7 HIGH

Advantech iView SQL Injection_CVE-2025-13373

December 4, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.

AI Analysis

SQL injection vulnerability in Advantech iView versions 5.7.05.7057 and prior due to improper sanitization of SNMP v1 trap requests

Basic Information

ID CVE-2025-13373

Source icscert

Published Dec 4, 2025 at 22:50

Affected Product

Vendor Advantech

Product iView

Version 5.7.05.7057

Affected Versions Advantech iView 5.7.05.7057

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Advantech

Product iView

Version 5.7.05.7057

References

{
    "lastseen": "",
    "description": "Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.",
    "published": "2025-12-04T22:50:36.079Z",
    "modified": "2025-12-04T22:50:36.079Z",
    "type": "cve",
    "title": "Advantech iView SQL Injection",
    "source": "icscert",
    "references": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-07.json",
    "id": "CVE-2025-13373",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Advantech iView 5.7.05.7057",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iView",
    "version": "5.7.05.7057",
    "vendor": "Advantech",
    "ai_description": "SQL injection vulnerability in Advantech iView versions 5.7.05.7057 and prior due to improper sanitization of SNMP v1 trap requests",
    "ai_severity": "High",
    "ai_vendor": "Advantech",
    "ai_product": "iView",
    "ai_version": "5.7.05.7057",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply