CVE-2025-62630
Published: 06 November 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-62630 is a path traversal vulnerability (CWE-22) stemming from insufficient sanitization of uploaded configuration files, enabling directory traversal and subsequent remote code execution with system-level permissions. The vulnerability affects components detailed in CISA's Industrial Control Systems Advisory ICSA-25-310-01. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and low privilege requirements.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network by uploading a specially crafted configuration file. Successful exploitation allows the attacker to traverse directories and execute arbitrary code with system-level permissions, potentially leading to full compromise of the affected system, including high impacts on confidentiality, integrity, and availability.
CISA's ICSA-25-310-01 advisory provides details on mitigation, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json. Vendors including Advantech recommend contacting support via https://www.advantech.com/emt/contact for patches and remediation guidance. The vulnerability was published on 2025-11-06.
Details
- CWE(s): CWE-22
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is remotely exploitable in a network-accessible application through path traversal in uploaded configuration files, and it lets an authenticated low-privilege user (PR:L) execute arbitrary code with system-level privileges. This maps directly to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).