CVE-2025-62630
Published: 06 November 2025
Summary
CVE-2025-62630 is a high-severity Path Traversal (CWE-22) vulnerability in Advantech DeviceOn/iEdge. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 45.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses insufficient sanitization by requiring effective input validation on uploaded configuration files to reject or filter path traversal attempts.
- Requires identification, reporting, and correction of the path traversal flaw through timely patching as recommended by the vendor.
- Enforces access restrictions on configuration change functions like file uploads, limiting exploitation to fewer low-privilege accounts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote exploitation of a network-accessible application via path traversal in uploaded configuration files, enabling arbitrary code execution with system-level privileges from low-privileged authentication (PR:L), directly mapping to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).
NVD Description
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
Deeper analysis
CVE-2025-62630 is a path traversal vulnerability (CWE-22) stemming from insufficient sanitization of uploaded configuration files, enabling directory traversal and subsequent remote code execution with system-level permissions. The vulnerability affects components detailed in CISA's Industrial Control Systems Advisory ICSA-25-310-01, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and low privilege requirements.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network by uploading a specially crafted configuration file. Successful exploitation allows the attacker to traverse directories and execute arbitrary code with system-level permissions, potentially leading to full compromise of the affected system, including high impacts on confidentiality, integrity, and availability.
CISA's ICSA-25-310-01 advisory provides details on mitigation, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json. Vendors including Advantech recommend contacting support via https://www.advantech.com/emt/contact for patches and remediation guidance. The vulnerability was published on 2025-11-06.
Details
- CWE(s)