CVE-2025-58423 — Vulnetix

CVE-2025-58423 PUBLISHED CVSS 8.800000190734863 HIGH

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.

EPSS 0.14% · 34.3th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.14%

34.3th percentile

Affected Products

Vendor	Product	Versions
Advantech	DeviceOn/iEdge	0
advantech	deviceon\/iedge	0

Timeline

Jul 21, 2025 PoC Published
Nov 6, 2025 PoC Published
Nov 6, 2025 CVE Published
Nov 7, 2025 EPSS Score
Nov 7, 2025 PoC Published
Nov 7, 2025 PoC Published
Nov 12, 2025 EPSS Score
Nov 18, 2025 EPSS Score
Nov 23, 2025 EPSS Score
Nov 28, 2025 EPSS Score
Dec 1, 2025 CVE Updated
Dec 3, 2025 EPSS Score

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01 url
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json url
https://www.advantech.com/emt/contact url
https://nvd.nist.gov/vuln/detail/CVE-2025-58423 advisory

Open in Interactive Console →