CVE-2025-13373
Published 2025-12-04
CVE-2025-13373: Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
Priority: P3 · 51 · high · CVSS 3.1: 7.5
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.38% (29.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Advantech iView
cisa_ics·2025-12-04·CVSS 7.5
[HIGH] Advantech iView
ICS Advisory
## Advantech iView
Release Date: December 04, 2025
Alert Code: ICSA-25-338-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: iView
- Vulnerability: SQL Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, or to modify or delete data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Advantech products are affected:
- iView: 5.7.05.7057
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89
Advantech
GHSA
GHSA-3w9v-5hv6-vvfx: Advantech iView versions 5
ghsa_unreviewed·2025-12-05
CVE-2025-13373 [HIGH] CWE-89 GHSA-3w9v-5hv6-vvfx: Advantech iView versions 5
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-04
Published