CVE-2025-58423
Published: 06 November 2025
Description
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Security Summary
CVE-2025-58423, published on 2025-11-06, is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) stemming from insufficient sanitization of uploaded configuration files, classified under CWE-22 (path traversal). It affects Advantech products as documented in CISA ICS advisory ICSA-25-310-01. An attacker can upload a specially crafted configuration file to trigger denial-of-service conditions, perform directory traversal, or read/write arbitrary files within the context of the local system account.
Exploitation requires only low privileges (PR:L) and is possible remotely over the network (AV:N), with low attack complexity and no user interaction. A remote authenticated attacker with low-level access can therefore achieve full confidentiality, integrity, and availability impact: arbitrary file read/write operations executed as the local system account, or service disruption via DoS.
Mitigation guidance is provided in the referenced advisories. Security practitioners should consult the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01, the corresponding CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json, and contact Advantech support at https://www.advantech.com/emt/contact for patches or additional remediation steps.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal (CWE-22) in CVE-2025-58423, CVE-2025-62630, and CVE-2025-59171 enables arbitrary file read, write, and discovery as the local system account (T1083, which facilitates T1068 privilege escalation). The denial-of-service condition maps to T1499, and remote exploitation of a public-facing web application maps to T1190.