CVE-2025-48891

High CVSS 7.6

Overview

A vulnerability exists in Advantech iView that could allow for SQL
injection through the CUtils.checkSQLInjection() function. This
vulnerability can be exploited by an authenticated attacker with at
least user-level privileges, potentially leading to information
disclosure or a denial-of-service condition.

CWE: CWE-89 Published: 2025-07-11T00:15:25.920

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.6 (HIGH)
Detected tags: info_leak, sql (tag impact: MODERATE)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags