CVE-2025-62630

High

Published: 06 November 2025

Modified: 19 November 2025
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0029 (52.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-62630 is a high-severity Path Traversal (CWE-22) vulnerability in Advantech DeviceOn/iEdge. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 47.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-62630 is a path traversal vulnerability (CWE-22) stemming from insufficient sanitization of uploaded configuration files, enabling directory traversal and subsequent remote code execution with system-level permissions. The vulnerability affects components detailed in CISA's Industrial Control Systems Advisory ICSA-25-310-01, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and low privilege requirements.

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network by uploading a specially crafted configuration file. Successful exploitation allows the attacker to traverse directories and execute arbitrary code with system-level permissions, potentially leading to full compromise of the affected system, including high impacts on confidentiality, integrity, and availability.

CISA's ICSA-25-310-01 advisory provides details on mitigation, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json. Vendors including Advantech recommend contacting support via https://www.advantech.com/emt/contact for patches and remediation guidance. The vulnerability was published on 2025-11-06.

Vulnerability details

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability allows remote exploitation of a network-accessible application via path traversal in uploaded configuration files, enabling arbitrary code execution with system-level privileges from low-privileged authentication (PR:L), directly mapping to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-58423 (same product: Advantech DeviceOn/iEdge)
CVE-2025-59171 (same product: Advantech DeviceOn/iEdge)
CVE-2025-14850 (same vendor: Advantech)
CVE-2025-60786 (shared CWE-22)
CVE-2025-27590 (shared CWE-22)
CVE-2025-12422 (shared CWE-22)
CVE-2025-34256 (same vendor: Advantech)
CVE-2025-53515 (same vendor: Advantech)
CVE-2026-42520 (shared CWE-22)
CVE-2025-52577 (same vendor: Advantech)

Affected Assets

Vendor: advantech
Product: deviceon/iedge
Affected versions: ≤ 2.0.2

Mitigating Controls (NIST 800-53 r5)

prevent

Directly addresses insufficient sanitization by requiring effective input validation on uploaded configuration files to reject or filter path traversal attempts.

prevent

Requires identification, reporting, and correction of the path traversal flaw through timely patching as recommended by the vendor.

prevent

Enforces access restrictions on configuration change functions like file uploads, limiting exploitation to fewer low-privilege accounts.
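
A containment check of the kind SI-10 (Information Input Validation) calls for, given here as an added example that is not Advantech's code and is not taken from the advisory. It assumes a service that writes an uploaded configuration file under a fixed directory using a client-supplied name; `resolve_upload_path`, `check_names` and the sample names are hypothetical.

```python
import tempfile
from pathlib import Path, PureWindowsPath

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied name would land outside the upload root."""

def resolve_upload_path(upload_root, client_name):
    """Return the destination Path for client_name, or raise UnsafeUploadPath."""
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    # Treat both separators alike so Windows-style names are checked too.
    normalized = client_name.replace("\\", "/")
    if normalized.startswith("/") or PureWindowsPath(client_name).drive:
        raise UnsafeUploadPath("absolute path")
    # Reject any '..' component before touching the filesystem.
    if ".." in normalized.split("/"):
        raise UnsafeUploadPath("parent-directory component")
    root = Path(upload_root).resolve()
    # resolve() follows symlinks, so a link inside the root that points
    # elsewhere is caught by the containment test below.
    candidate = (root / normalized).resolve()
    if root not in candidate.parents:
        raise UnsafeUploadPath("not inside upload root")
    return candidate

def check_names(upload_root, names):
    """Map each name to True (accepted) or to the rejection reason."""
    results = {}
    for name in names:
        try:
            resolve_upload_path(upload_root, name)
            results[name] = True
        except UnsafeUploadPath as exc:
            results[name] = str(exc)
    return results

# Constructed sample names for illustration only.
SAMPLE_NAMES = ["site.cfg", "profiles/edge01.cfg", "../../outside.cfg",
                "..\\..\\outside.cfg", "/etc/outside.cfg", "C:\\outside.cfg"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, verdict in check_names(root, SAMPLE_NAMES).items():
            print(f"{name!r}: {verdict}")
```

The check belongs on the server, applied to the final resolved path immediately before the write, and it complements rather than replaces the vendor patch required under SI-2.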
