CVE-2025-64302

Опубликовано: 06 нояб. 2025

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.

Ссылки

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json
Third Party Advisory
https://www.advantech.com/emt/contact
Product
https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advantech:deviceon\/iedge:*:*:*:*:*:*:*:*

Версия до 2.0.2 (включая)

EPSS

Процентиль: 12%

0.00041

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-jq2j-98mw-mwjp

CVSS3: 6.4

github

3 месяца назад

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.

EPSS

Процентиль: 12%

0.00041

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79