CVE-2025-14849
published 2025-12-18CVE-2025-14849: Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.8th percentile
Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess_scada | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-14849 is an unrestricted file upload (CWE-434) vulnerability in Advantech WebAccess/SCADA 9.2.1 that allows authenticated remote code execution — monitor for unexpected file uploads to the WebAccess/SCADA web interface, especially files with executable or script extensions. ↗
- →Exploitation requires authentication (PR:L) over the network (AV:N) with no user interaction (UI:N) — alert on authenticated POST requests uploading files to WebAccess/SCADA endpoints on version 9.2.1. ↗
- →Only Advantech WebAccess/SCADA version 9.2.1 is confirmed affected; version 9.2.2 is the patched release — inventory and flag any internet-exposed instances running 9.2.1. ↗
- ·No known public exploitation has been reported at time of advisory publication — no in-the-wild IOCs (hashes, IPs, domains, URLs) are available from these sources. ↗
- ·The advisory covers multiple CVEs (CVE-2025-14850, CVE-2025-14849, CVE-2025-14848, CVE-2025-46268, CVE-2025-67653) affecting the same product version; detection logic should account for the full vulnerability set, not just CVE-2025-14849. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-52hq-8xj9-8pmr: Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code
ghsa_unreviewed·2025-12-18
CVE-2025-14849 [HIGH] CWE-434 GHSA-52hq-8xj9-8pmr: Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code
Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CISA ICS
Advantech WebAccess/SCADA
cisa_ics·2025-12-18·CVSS 4.3
CVE-2025-14850 [MEDIUM] Advantech WebAccess/SCADA
ICS Advisory
##
Advantech WebAccess/SCADA
Release DateDecember 18, 2025
Alert CodeICSA-25-352-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of these vulnerabilities could allow an authenticated attacker to read or modify a remote database.
The following versions of Advantech WebAccess/SCADA are affected:
- WebAccess/SCADA (CVE-2025-14850, CVE-2025-14849, CVE-2025-14848, CVE-2025-46268, CVE-2025-67653)
CVSS
Vendor
Equipment
Vulnerabilities
| v3 8.8
| Advantech
| Advantech WebAccess/SCADA
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Improper Neutralization of Sp
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-18
Published