{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41442", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-07-02T15:12:58.600Z", "datePublished": "2025-07-10T23:15:27.981Z", "dateUpdated": "2025-07-11T17:50:31.478Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "iView", "vendor": "Advantech", "versions": [{"lessThan": "5.7.05 build 7057", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user's browser, potentially leading to \ninformation disclosure or other malicious activities."}], "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user's browser, potentially leading to \ninformation disclosure or other malicious activities."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-10T23:15:27.981Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"}, {"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Advantech recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\">v5.7.05 build 7057</a>.\n\n<br>"}], "value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- ."}], "source": {"advisory": "ICSA-25-191-08", "discovery": "EXTERNAL"}, "title": "Advantech iView Cross-site Scripting", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T17:49:43.275598Z", "id": "CVE-2025-41442", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T17:50:31.478Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41442", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T17:49:43.275598Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T17:50:26.620Z"}}], "cna": {"title": "Advantech iView Cross-site Scripting", "source": {"advisory": "ICSA-25-191-08", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Alex Williams of Converge Technology Solutions reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Advantech", "product": "iView", "versions": [{"status": "affected", "version": "0", "lessThan": "5.7.05 build 7057", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Advantech recommends users update to v5.7.05 build 7057 https://www.advantech.com/en/support/details/firmware- .", "supportingMedia": [{"type": "text/html", "value": "Advantech recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183\">v5.7.05 build 7057</a>.\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"}, {"url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user's browser, potentially leading to \ninformation disclosure or other malicious activities.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user's browser, potentially leading to \ninformation disclosure or other malicious activities.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-10T23:15:27.981Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41442", "state": "PUBLISHED", "dateUpdated": "2025-07-11T17:50:31.478Z", "dateReserved": "2025-07-02T15:12:58.600Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-07-10T23:15:27.981Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3E520F-CCCE-46E1-A8ED-95E10597DF43", "versionEndExcluding": "5.7.05.7057", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Advantech iView versions prior to 5.7.05 build\n 7057, which could allow a reflected cross-site scripting (XSS) attack. \nBy manipulating certain input parameters, an attacker could execute \nunauthorized scripts in the user's browser, potentially leading to \ninformation disclosure or other malicious activities."}, {"lang": "es", "value": "Existe una vulnerabilidad en las versiones de Advantech iView anteriores a la 5.7.05, compilaci\u00f3n 7057, que podr\u00eda permitir un ataque de cross-site scripting (XSS) reflejado. Al manipular ciertos par\u00e1metros de entrada, un atacante podr\u00eda ejecutar secuencias de comandos no autorizadas en el navegador del usuario, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n u otras actividades maliciosas."}], "id": "CVE-2025-41442", "lastModified": "2025-07-23T19:20:42.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-07-11T00:15:24.347", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}