PT-2025-29183 · Advantech · Advantech Iview

Alex Williams · Published 2025-06-13 · Updated 2025-07-11 · CVE-2025-52459

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Advantech iView (affected versions not specified)
Description: A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.backupDatabase() function. An authenticated attacker with user-level privileges can inject arbitrary arguments due to improper sanitization of certain parameters used in commands. This can lead to information disclosure, including sensitive database credentials.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the NetworkServlet.backupDatabase() function to minimize the risk of exploitation. Ensure proper sanitization of all input parameters used in command execution within the NetworkServlet class.

Weakness Enumeration

Argument Injection

Related Identifiers

BDU:2025-08964
CVE-2025-52459

Affected Products

Advantech Iview