Cyber Posture

CVE-2025-59171

Severity: High
Published: 06 November 2025
Modified: 19 November 2025
KEV Added: not listed (not in the CISA KEV catalog at time of writing)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0015 (35.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-59171 is a high-severity path traversal (CWE-22) vulnerability in Advantech DeviceOn/iEdge with a CVSS v3.1 base score of 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 35.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is classed as AI-related (category: Mobile/Edge AI; risk domain: Privacy and Disclosure).

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 4 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): directly requires validation and sanitization of uploaded configuration file inputs to prevent path traversal and the remote code execution that follows from it.

SI-2 Flaw Remediation (prevent): mandates identification, reporting, and correction of the specific sanitization flaw in configuration file handling for this CVE.

Upload-boundary input restriction (prevent): enforces restrictions on information inputs, such as permitted file types and content patterns, at the upload boundary so that specially crafted configuration files are blocked before they are processed.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1083 File and Directory Discovery (tactic: Discovery): adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application (tactic: Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (tactic: Lateral Movement): adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
T1499 Endpoint Denial of Service (tactic: Impact): adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

Why these techniques?

The traversal lets an attacker reach files outside the intended directory (mapped here to T1083) and is reachable through the product's upload interface, whether Internet-facing (T1190) or reached from inside the network (T1210); the resulting code execution runs with system-level permissions (T1068), and the same access can be used to create denial-of-service conditions (T1499).

NVD Description

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.

Deeper analysis

CVE-2025-59171 is a path traversal vulnerability (CWE-22) stemming from insufficient sanitization of uploaded configuration files: a crafted file can traverse directories and lead to remote code execution with system-level permissions. Published on 2025-11-06, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network reachability, low attack complexity, and no privileges or user interaction required. The affected product is an industrial control systems (ICS) component, as detailed in CISA advisory ICSA-25-310-01.

An unauthenticated remote attacker exploits the flaw by uploading a specially crafted configuration file, traversing out of the intended directory to an unauthorized path, and achieving code execution at the system level. Note the tension between the NVD description and the published vector: the vector scores only confidentiality impact (C:H/I:N/A:N), yet code execution with system-level permissions implies full control over integrity and availability as well. Practitioners should treat 7.5 as a floor rather than a ceiling and prioritise remediation as they would for a critical unauthenticated RCE, not merely an information disclosure.

Mitigation details are outlined in the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01 and the associated CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json; Advantech directs users to contact support via https://www.advantech.com/emt/contact for patches and remediation guidance.
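The following is an added example, not code from Advantech, CISA, or any source this page cites. It illustrates the class of flaw described in the NVD text and the SI-10 control above: a configuration-file upload handler that trusts the client-supplied file name (CWE-22) beside a hardened handler that validates the name, enforces a file-type allowlist at the upload boundary, and verifies that the resolved destination stays inside the upload directory. The function names, the extension allowlist, the size cap, and the attacker payloads are illustrative assumptions and say nothing about how DeviceOn/iEdge is implemented.

```python
"""Added illustration of CWE-22 in a config-file upload path (not Advantech code).
All names, limits and payloads below are assumptions made for the demonstration."""
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Assumed upload-boundary policy (SI-10 style restriction on file type and size).
ALLOWED_EXTENSIONS = {".json", ".yaml", ".yml", ".xml"}
MAX_CONFIG_BYTES = 1024 * 1024


class UploadRejected(ValueError):
    """Raised by the hardened handler when an upload fails validation."""


def vulnerable_save_config(upload_dir: str, filename: str, data: bytes) -> str:
    """Deliberately vulnerable: the client-controlled file name is decoded once
    (as a web framework would do) and joined onto the upload directory unchecked.
    '../x.json' walks out of upload_dir; an absolute name replaces it entirely."""
    name = unquote(filename)
    dest = os.path.join(upload_dir, name)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def safe_save_config(upload_dir: str, filename: str, data: bytes) -> str:
    """Hardened handler: validate the name, restrict the type, then prove the
    resolved destination is still inside upload_dir before touching the disk."""
    if len(data) > MAX_CONFIG_BYTES:
        raise UploadRejected("configuration file too large")
    name = unquote(filename)
    # Anything still percent-encoded after one decode is a double-encoding attempt;
    # a NUL byte can truncate the name in lower layers.
    if "%" in name or "\x00" in name:
        raise UploadRejected("encoded or NUL characters in file name")
    # Only a bare file name is acceptable: no directory components and no
    # backslashes (os.path.basename does not treat them as separators on POSIX).
    if name != os.path.basename(name) or "\\" in name:
        raise UploadRejected("path separators in file name")
    if name in ("", ".", "..") or name.startswith("."):
        raise UploadRejected("invalid file name")
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type not allowed for configuration upload")
    # Canonicalise both sides (resolving symlinks) and require containment;
    # commonpath avoids the '/srv/uploads' vs '/srv/uploads2' prefix mistake.
    base = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, dest]) != base:
        raise UploadRejected("resolved path escapes the upload directory")
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def escaped(upload_dir: str, written_path: str) -> bool:
    """True if a written file ended up outside upload_dir."""
    base = os.path.realpath(upload_dir)
    return os.path.commonpath([base, os.path.realpath(written_path)]) != base


def demo(root: Optional[str] = None) -> dict:
    """Runs constructed attacker payloads through both handlers inside a scratch
    tree root/app/uploads, so that every escape still lands under root."""
    root = root or tempfile.mkdtemp(prefix="cwe22-demo-")
    upload_dir = os.path.join(root, "app", "uploads")
    os.makedirs(upload_dir, exist_ok=True)
    payloads = [                                  # constructed sample inputs
        "device.json",                            # legitimate upload
        "../escaped.json",                        # classic traversal
        "..%2F..%2Fescaped2.json",                # URL-encoded traversal
        os.path.join(root, "absolute.json"),      # absolute path replaces upload_dir
        "%252e%252e%252fescaped3.json",           # double-encoded traversal
    ]
    results = {"vulnerable_escaped": [], "safe_written": [], "safe_rejected": []}
    for p in payloads:
        if escaped(upload_dir, vulnerable_save_config(upload_dir, p, b"{}")):
            results["vulnerable_escaped"].append(p)
    for p in payloads:
        try:
            safe_save_config(upload_dir, p, b"{}")
            results["safe_written"].append(p)
        except UploadRejected:
            results["safe_rejected"].append(p)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to see which payloads escaped: the vulnerable handler writes three of the five outside its upload directory, while the hardened handler accepts only device.json. The checks are ordered so that the cheapest rejections happen before any filesystem call, and the containment check on the canonicalised path remains as a backstop even if a future change relaxes the name rules.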

Details

CWE(s): CWE-22 Path Traversal

Affected Products: Advantech DeviceOn/iEdge, versions 2.0.2 and earlier

AI Security Analysis

AI Category: Mobile/Edge AI
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: Advantech DeviceOn/iEdge is an IoT/edge device management platform that supports edge AI deployments. CVE-2025-59171 is a path traversal flaw in its configuration file upload handling that allows directory traversal and remote code execution with system-level permissions, exposing the data held on the management host.

CVEs Like This One

CVE-2025-58423 (same product: Advantech DeviceOn/iEdge)
CVE-2025-62630 (same product: Advantech DeviceOn/iEdge)
CVE-2025-14850 (same vendor: Advantech)
CVE-2025-34256 (same vendor: Advantech)
CVE-2022-50593 (same vendor: Advantech)
CVE-2025-52577 (same vendor: Advantech)
CVE-2025-52694 (same vendor: Advantech)
CVE-2025-53515 (same vendor: Advantech)
CVE-2022-50591 (same vendor: Advantech)
CVE-2025-53475 (same vendor: Advantech)
