VDB
CVE-2025-59171
CVE-2025-59171
PUBLISHED
CVSS 7.5 HIGH
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
EPSS 0.20% · 41.5th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.20%
41.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech | DeviceOn/iEdge | 0 |
| advantech | deviceon\/iedge | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-59171 (circl-sighting)
- CIRCL seen: CVE-2025-59171 (circl-sighting)
- CIRCL seen: CVE-2025-59171 (circl-sighting)
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01 (circl)
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json (circl)
- https://www.advantech.com/emt/contact (circl)
- CVE-2025-48799.yara (github-yara)
- CVE-2025-48799.yara (github-yara)
- CVE-2025-48799.yara (github-yara)
- CVE-2025-48799.yara (github-yara)
…and 4 more exploits
Timeline
- Jul 21, 2025 PoC Published
- Nov 6, 2025 PoC Published
- Nov 6, 2025 CVE Published
- Nov 7, 2025 EPSS Score
- Nov 7, 2025 PoC Published
- Nov 7, 2025 PoC Published
- Nov 12, 2025 EPSS Score
- Nov 18, 2025 EPSS Score
- Nov 19, 2025 CVE Updated
- Nov 23, 2025 EPSS Score
- Nov 28, 2025 EPSS Score
- Dec 4, 2025 EPSS Score