CVE-2025-48470

Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-06-24 03:15

Updated : 2025-07-09 15:21

NVD link : CVE-2025-48470

Mitre link : CVE-2025-48470

CVE.ORG link : CVE-2025-48470

JSON object : View

Products Affected

advantech

wise-4010lan
wise-4050lan
wise-4060lan
wise-4010lan_firmware
wise-4050lan_firmware
wise-4060lan_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-48470", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.7}]}, "published": "2025-06-24T03:15:34.523", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061", "tags": ["Third Party Advisory"], "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."}, {"lang": "es", "value": "La explotaci\u00f3n exitosa de la vulnerabilidad de cross-site scripting almacenado podr\u00eda permitir a un atacante inyectar secuencias de comandos maliciosas en los campos del dispositivo y ejecutarlas en el navegador de otros usuarios, lo que podr\u00eda conducir al secuestro de sesi\u00f3n, desfiguraci\u00f3n, robo de credenciales o escalada de privilegios. "}], "lastModified": "2025-07-09T15:21:40.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}