CVE-2025-48470

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-48470
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*
History

09 Jul 2025, 15:21

Type Values Removed Values Added
References () https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 - () https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 - Third Party Advisory
CPE cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*
First Time Advantech
Advantech wise-4060lan Firmware
Advantech wise-4050lan Firmware
Advantech wise-4060lan
Advantech wise-4050lan
Advantech wise-4010lan
Advantech wise-4010lan Firmware

25 Jun 2025, 13:15

Type Values Removed Values Added
CWE CWE-79
Summary
  • (es) La explotación exitosa de la vulnerabilidad de cross-site scripting almacenado podría permitir a un atacante inyectar secuencias de comandos maliciosas en los campos del dispositivo y ejecutarlas en el navegador de otros usuarios, lo que podría conducir al secuestro de sesión, desfiguración, robo de credenciales o escalada de privilegios.

24 Jun 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-24 03:15

Updated : 2025-07-09 15:21

NVD link : CVE-2025-48470

Mitre link : CVE-2025-48470

CVE.ORG link : CVE-2025-48470

JSON object : View

Products Affected

advantech

  • wise-4050lan
  • wise-4060lan
  • wise-4010lan
  • wise-4050lan_firmware
  • wise-4060lan_firmware
  • wise-4010lan_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')