PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-14849 Advantech CVE debrief

Advantech WebAccess/SCADA contains an unrestricted file upload vulnerability that may allow an attacker to remotely execute arbitrary code. The vulnerability was disclosed by CISA on December 18, 2025, with a CVSS 3.1 score of 8.8 (HIGH). The attack vector is network-based with low attack complexity, requiring low privileges but no user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability. Advantech has released version 9.2.2 to address this vulnerability.

Vendor: Advantech
Product: WebAccess/SCADA
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-18
Original CVE updated: 2025-12-18
Advisory published: 2025-12-18
Advisory updated: 2025-12-18

Who should care

Organizations operating Advantech WebAccess/SCADA in industrial control system environments, particularly those with internet-exposed or inadequately segmented SCADA interfaces. Critical infrastructure operators in manufacturing, energy, water, and building automation sectors should prioritize patching.

Technical summary

CVE-2025-14849 is an unrestricted file upload vulnerability in Advantech WebAccess/SCADA. The flaw allows authenticated attackers with low privileges to upload arbitrary files, potentially leading to remote code execution. The vulnerability is rated CVSS 3.1 8.8 (HIGH) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Advantech has released version 9.2.2 as a vendor fix.

Defensive priority

HIGH

Recommended defensive actions

  • Update Advantech WebAccess/SCADA to version 9.2.2 or later per vendor guidance.
  • Restrict network access to WebAccess/SCADA management interfaces to authorized administrative hosts only.
  • Implement network segmentation to isolate SCADA systems from untrusted networks.
  • Monitor for anomalous file upload activities and unexpected executable content in web-accessible directories.
  • Apply defense-in-depth strategies for industrial control systems as recommended by CISA.
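The monitoring action above can be turned into a simple scheduled check. The following is an added example written for this debrief, not code from PatchSiren or Advantech: it walks a web-accessible directory and flags files whose extension or leading bytes indicate executable or script content that a static asset directory should not contain. The directory layout, the extension allowlist and the planted sample files are constructed assumptions, not WebAccess/SCADA paths.

```python
"""Flag unexpected executable or script content under a web-accessible directory.

Added example for the 'monitor for unexpected executable content' action; not
PatchSiren's or Advantech's code. The allowlist, the sample tree and the planted
files are constructed for illustration, not real WebAccess/SCADA locations.
"""
import os
import tempfile
from pathlib import Path

# Leading bytes / tokens that a static web directory should not normally serve.
# Checking content, not just the name, catches a script renamed to look like an image.
SUSPECT_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"<?php": "PHP script",
    b"<%": "ASP/JSP server script",
    b"#!": "script with shebang",
    b"PK\x03\x04": "ZIP container (jar/war/docx)",
}
# Extensions an operator expects in a static web directory (assumed allowlist).
ALLOWED_EXTENSIONS = {".html", ".htm", ".css", ".js", ".png", ".jpg",
                      ".gif", ".svg", ".json", ".txt"}
# Extensions that should never appear, even as an inner part of 'photo.php.jpg'.
DANGEROUS_EXTENSIONS = {".php", ".asp", ".aspx", ".jsp", ".exe", ".dll",
                        ".sh", ".bat", ".ps1", ".cgi"}


def classify_file(path: Path) -> list:
    """Return the reasons a file is suspect; an empty list means it looks expected."""
    reasons = []
    ext = path.suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append(f"unexpected extension {ext or '(none)'}")
    # Double extensions such as 'shell.php.jpg' are a classic upload-filter bypass.
    inner = {s.lower() for s in path.suffixes[:-1]}
    if inner & DANGEROUS_EXTENSIONS:
        reasons.append(f"hidden script/executable extension {sorted(inner & DANGEROUS_EXTENSIONS)}")
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError as exc:
        return [f"unreadable: {exc}"]
    for magic, label in SUSPECT_SIGNATURES.items():
        if head.startswith(magic):
            reasons.append(f"content looks like {label}")
            break
    return reasons


def scan_webroot(root) -> dict:
    """Walk `root` and return {relative_posix_path: [reasons]} for every suspect file."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = classify_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_webroot() -> Path:
    """Constructed sample tree: two benign assets and three planted test files."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "img").mkdir()
    (root / "index.html").write_bytes(b"<html><body>ok</body></html>")
    (root / "img" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
    # Planted: PHP disguised as an image, a PE binary, and a shell script.
    (root / "img" / "photo.jpg").write_bytes(b"<?php echo 'test'; ?>")
    (root / "update.exe").write_bytes(b"MZ" + b"\0" * 62)
    (root / "run.sh").write_bytes(b"#!/bin/sh\necho hi\n")
    return root


if __name__ == "__main__":
    for rel, why in sorted(scan_webroot(build_sample_webroot()).items()):
        print(rel, "->", "; ".join(why))
```

Run it against the real web-served directories with the allowlist adjusted to what those directories legitimately contain; a baseline run on a known-good system shows which extensions belong there, and any later finding is a change worth a ticket.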

Evidence notes

CISA ICS Advisory ICSA-25-352-06 published December 18, 2025. CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Vendor fix available in WebAccess/SCADA 9.2.2.

Official resources

2025-12-18