CVE 8.8 HIGH

Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type_CVE-2025-14849

December 18, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.

AI Analysis

Unrestricted file upload vulnerability allowing remote execution of arbitrary code

Basic Information

ID CVE-2025-14849

Source icscert

Published Dec 18, 2025 at 20:32

Affected Product

Vendor Advantech

Product WebAccess/SCADA

Version 9.2.1

Affected Versions Advantech WebAccess/SCADA 9.2.1

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Advantech

Product WebAccess/SCADA

Version 9.2.1

References

{
    "lastseen": "",
    "description": "Advantech WebAccess/SCADA\u00a0\nis vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.",
    "published": "2025-12-18T20:32:38.746Z",
    "modified": "2025-12-18T20:32:38.746Z",
    "type": "cve",
    "title": "Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type",
    "source": "icscert",
    "references": "https://www.advantech.com/en-us/support/details/installation?id=1-MS9MJV\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-352-06\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json",
    "id": "CVE-2025-14849",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Advantech WebAccess/SCADA 9.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WebAccess/SCADA",
    "version": "9.2.1",
    "vendor": "Advantech",
    "ai_description": "Unrestricted file upload vulnerability allowing remote execution of arbitrary code",
    "ai_severity": "High",
    "ai_vendor": "Advantech",
    "ai_product": "WebAccess/SCADA",
    "ai_version": "9.2.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply