PT-2025-29186 · Advantech · Advantech iView

Alex Williams · Published 2025-06-13 · Updated 2025-07-11 · CVE-2025-53475

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Advantech iView (affected versions not specified)
Description: A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution. The issue resides in the NetworkServlet.getNextTrapPage() function, where certain parameters are not properly sanitized. An authenticated attacker with user-level privileges can exploit this to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-08968
CVE-2025-53475

Affected Products

Advantech iView