CVE-2025-58423
Published: 06 November 2025
Summary
CVE-2025-58423 is a high-severity Path Traversal (CWE-22) vulnerability in Advantech DeviceOn/iEdge. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 34.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Directly requires validation and sanitization of information inputs such as uploaded configuration files to block path traversal, arbitrary read/write, and DoS exploits.
Restricts access to configuration change activities, preventing low-privilege remote users from uploading specially crafted configuration files.
Enforces least privilege on processes handling uploaded files to mitigate privilege escalation to local system account for arbitrary file operations.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Path traversal (CWE-22) in CVE-2025-58423, CVE-2025-62630, and CVE-2025-59171 enables arbitrary file read, write, and discovery as the local system account (T1083, which facilitates T1068 privilege escalation). The remaining mappings are the DoS condition (T1499) and remote exploitation of a public-facing web application (T1190).
NVD Description
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.
Deeper analysis (AI)
CVE-2025-58423, published on 2025-11-06, is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) stemming from insufficient sanitization of uploaded configuration files, classified under CWE-22 (path traversal). It affects Advantech products as documented in CISA ICS advisory ICSA-25-310-01. An attacker can upload a specially crafted configuration file to trigger denial-of-service conditions, perform directory traversal, or read/write arbitrary files within the context of the local system account.
The attack requires low privileges (PR:L) and can be conducted remotely over the network (AV:N) with low attack complexity and no user interaction. A remote authenticated attacker with low-level access can exploit this to achieve full confidentiality, integrity, and availability impacts, including arbitrary file read/write operations executed as the local system account or causing service disruptions via DoS.
Mitigation guidance is provided in the referenced advisories. Security practitioners should consult the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01, the corresponding CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json, and contact Advantech support at https://www.advantech.com/emt/contact for patches or additional remediation steps.
Details
- CWE(s)