CVE-2025-46704

A vulnerability exists in Advantech iView in 
NetworkServlet.processImportRequest() that could allow for a directory 
traversal attack. This issue requires an authenticated attacker with at 
least user-level privileges. A specific parameter is not properly 
sanitized or normalized, potentially allowing an attacker to determine 
the existence of arbitrary files on the server.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
icscertCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
advantechiview
𝑥
< 5.7.05.7057
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08