CVE-2025-48891

EUVD-2025-21082
A vulnerability exists in Advantech iView that could allow for SQL 
injection through the CUtils.checkSQLInjection() function. This 
vulnerability can be exploited by an authenticated attacker with at 
least user-level privileges, potentially leading to information 
disclosure or a denial-of-service condition.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
icscertCNA
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
advantechiview
𝑥
< 5.7.05.7057
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08