PatchSiren cyber security CVE debrief
CVE-2025-13373 Advantech CVE debrief
Advantech iView versions 5.7.05.7057 and prior contain an SQL injection vulnerability in their handling of SNMP v1 trap requests on port 162. The application fails to properly sanitize input received through this network management protocol, allowing an attacker to inject malicious SQL commands. This vulnerability is network-accessible without authentication, presenting a significant exposure for affected industrial control system environments. The CVSS 3.1 score of 7.5 (HIGH) reflects the network attack vector, low attack complexity, and no required privileges or user interaction, with high impact to confidentiality. CISA published this advisory on December 4, 2025, as ICSA-25-338-07. Advantech has released iView version 5.8.1 to address this vulnerability. Organizations should prioritize patching, especially for systems exposed to untrusted networks, and consider network segmentation to restrict SNMP trap traffic to authorized management hosts.
- Vendor: Advantech
- Product: iView
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-12-04
- Original CVE updated: 2025-12-04
- Advisory published: 2025-12-04
- Advisory updated: 2025-12-04
Who should care
Organizations operating Advantech iView for industrial network management and monitoring, particularly in manufacturing, energy, water/wastewater, and other critical infrastructure sectors. Security teams responsible for OT/ICS environments, network administrators managing SNMP-based monitoring infrastructure, and compliance officers tracking vulnerability remediation for industrial control systems should prioritize this patch. Organizations with iView instances exposed to business networks or with flat network architectures face elevated risk.
Technical summary
The vulnerability exists in the SNMP v1 trap receiver component of Advantech iView, which listens on UDP port 162. When processing incoming trap requests, the application fails to adequately sanitize user-controllable input before incorporating it into SQL queries. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially enabling unauthorized data access or manipulation of the iView database. The attack requires network connectivity to the SNMP trap port but no authentication credentials. The confidentiality impact is rated HIGH, while integrity and availability impacts are not directly affected per the CVSS vector. This represents a classic injection weakness (CWE-89) in an industrial network management context where SNMP is commonly used for device monitoring and alerting.
Defensive priority
HIGH
Recommended defensive actions
- Update Advantech iView to version 5.8.1 or later to remediate the SQL injection vulnerability in SNMP v1 trap handling
- Restrict network access to port 162 (SNMP traps) to authorized management hosts only through firewall rules or network segmentation
- Monitor for anomalous SNMP trap traffic patterns that may indicate attempted exploitation
- Review database access logs for unexpected SQL queries originating from the iView application
- Apply defense-in-depth controls per CISA ICS recommended practices for industrial control system environments
- Validate input sanitization for all network management protocol handlers during security assessments
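For the monitoring recommendation above, one way to screen datagrams arriving on UDP 162 before or alongside iView. This is an added example, not code from the advisory or from Advantech. The advisory does not say which trap field reaches the SQL query, so the example checks every OCTET STRING in the trap; the allowlisted address, the keyword heuristic and the sample trap are assumptions constructed for illustration.

```python
import re

# Heuristic (assumption, tune per site): tokens that rarely belong in trap strings.
SQL_HINT = re.compile(rb"'|--|;|/\*|\b(union|select|insert|update|delete|drop)\b", re.I)
ALLOWED_SOURCES = {"10.20.0.11"}  # hypothetical authorized trap senders

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def octet_strings(buf):
    """Yield every OCTET STRING (tag 0x04), descending into constructed types."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:  # constructed: SEQUENCE, Trap-PDU [4]
            yield from octet_strings(value)
        elif tag == 0x04:  # community string and string-valued varbinds
            yield value

def inspect_trap(src_ip, datagram):
    """Return the reasons a UDP/162 datagram deserves analyst review."""
    reasons = [] if src_ip in ALLOWED_SOURCES else ["source not in allowlist"]
    try:
        if any(SQL_HINT.search(s) for s in octet_strings(datagram)):
            reasons.append("SQL metacharacters in string field")
    except (ValueError, IndexError):
        reasons.append("malformed BER")
    return reasons

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length; sample is < 128 bytes

def sample_trap(text):
    """Constructed SNMPv1 trap carrying one sysName.0 varbind (not captured traffic)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010500")) + tlv(0x04, text))
    pdu = tlv(0xA4, tlv(0x06, bytes.fromhex("2b0601040101"))  # constructed enterprise OID
              + tlv(0x40, bytes([10, 20, 0, 11]))  # agent-addr
              + tlv(0x02, b"\x06") + tlv(0x02, b"\x01")  # generic-trap, specific-trap
              + tlv(0x43, b"\x00") + tlv(0x30, varbind))  # time-stamp, variable-bindings
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + pdu)
```

The keyword check is a triage signal and will flag legitimate strings that contain apostrophes or semicolons; it does not replace the upgrade to 5.8.1 or the port 162 access restriction.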
Evidence notes
Vulnerability confirmed through CISA CSAF advisory ICSA-25-338-07. Affected versions explicitly stated as 5.7.05.7057 and prior. Vendor fix version 5.8.1 confirmed in remediation data. CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N sourced from advisory.
Official resources
- CVE-2025-13373 CVE record (CVE.org)
- CVE-2025-13373 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-12-04