Platform
other
Component
deviceon-iedge
Fixed in
2.0.3
CVE-2025-62630 is a path traversal vulnerability in Advantech DeviceOn/iEdge. The configuration file upload handler does not adequately sanitize the client-supplied file name or path, so an attacker can write an uploaded file outside the intended upload directory and bypass the access controls that depend on that directory boundary. Versions 0.0 through 2.0.2 are affected; the fix ships in version 2.0.3.
The impact is significant because the primitive is an arbitrary-location file write rather than a read. An attacker who can place a file at a path of their choosing on the host can, depending on where the write lands, achieve remote code execution with system-level privileges and take full control of the affected DeviceOn/iEdge instance. From there the attacker can exfiltrate sensitive data, alter system configuration, or use the compromised host as a foothold for lateral movement within the network. System-level access on a device-management platform also multiplies the blast radius, since the platform itself manages other endpoints.
CVE-2025-62630 was publicly disclosed on 2025-11-06. Its severity is rated HIGH because of the potential for remote code execution. No public proof-of-concept exploit is known at the time of writing, but path traversal in an upload handler is typically straightforward to exploit once the vulnerable request is understood, so a PoC, if published, would likely be weaponized quickly. The CVE is not currently listed in the CISA KEV catalog.
Organizations running DeviceOn/iEdge with limited network segmentation, or without compensating controls around file uploads, are at heightened risk. Deployments that manage sensitive data or critical infrastructure should be prioritized. Multi-tenant or shared deployments of DeviceOn/iEdge should also be assessed for cross-tenant impact, since a write outside the upload directory is not bounded by tenant.
disclosure
Exploit status
EPSS
0.18% (40th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62630 is to upgrade DeviceOn/iEdge to version 2.0.3 or later, which contains the fix. If an immediate upgrade is not feasible, reduce exposure in the meantime: restrict who can reach the configuration upload function (network ACLs, authenticated and least-privileged accounts only), confine the upload directory so that writes cannot land in locations the service executes from, and enforce strict validation of uploaded configuration file names on any intermediary you control. A Web Application Firewall (WAF) with rules that block directory traversal sequences (including percent-encoded and backslash variants) adds a further layer of defense, but it is a stopgap, not a substitute for the patch. After upgrading, confirm the fix on a non-production instance you are authorized to test: submit a configuration upload whose file name contains a traversal sequence and verify that the request is rejected and that no file appears outside the upload directory.
Update DeviceOn/iEdge to a version later than 2.0.2 that fixes the path traversal vulnerability. Consult the Advantech website for the latest version and upgrade instructions. Apply the vendor-recommended security configuration to mitigate the risk of remote code execution.
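The following is an added illustration of the class of flaw described above and of the validation a hardened upload handler applies; it is not DeviceOn/iEdge code and says nothing about how the product itself is implemented. The upload root, the file names and the traversal probes are constructed for the example. The naive handler trusts the client-supplied name and joins it onto the upload root, which is exactly what lets a name such as `../../etc/cron.d/job` escape; the hardened handler decodes once, collapses the name to a single path component, applies an extension allowlist, and finally checks the resolved target against the real upload root. The probe list doubles as the kind of post-upgrade check the mitigation section describes.

```python
import os
import posixpath
from urllib.parse import unquote

# Hypothetical upload directory for the example (not a DeviceOn/iEdge path).
UPLOAD_ROOT = "/var/lib/example-edge/config"

# Constructed traversal probes covering plain, Windows-style, percent-encoded,
# absolute-path and NUL-byte variants of the same attack.
TRAVERSAL_PROBES = [
    "../../../../etc/passwd",
    "..\\..\\windows\\win.ini",
    "%2e%2e%2f%2e%2e%2fetc%2fshadow",
    "/etc/cron.d/evil",
    "config.json\x00.png",
]


def vulnerable_target_path(upload_root: str, client_filename: str) -> str:
    """Naive join: the client-controlled name is trusted as-is.

    os.path.join neither strips '..' components nor refuses absolute
    paths, so the result can land anywhere on the filesystem.
    """
    return os.path.join(upload_root, client_filename)


def safe_target_path(upload_root: str, client_filename: str) -> str:
    """Return a path strictly inside upload_root or raise ValueError.

    Only a single, plain file name with an allowlisted extension is
    accepted; anything that would change directory is rejected.
    """
    # Decode exactly once so %2e%2e%2f is seen as '../'. A second decode is
    # deliberately not done: a double-encoded name still fails the
    # single-component check below.
    name = unquote(client_filename)
    if "\x00" in name:
        raise ValueError("NUL byte in filename")
    # Treat backslashes as separators too, then require a bare file name.
    name = name.replace("\\", "/")
    if posixpath.isabs(name):
        raise ValueError("absolute path not allowed")
    base = posixpath.basename(posixpath.normpath(name))
    if base in ("", ".", "..") or base != name:
        raise ValueError(f"path traversal rejected: {client_filename!r}")
    # Allowlist the configuration formats the handler expects (assumed set).
    if not base.lower().endswith((".json", ".yaml", ".yml", ".cfg")):
        raise ValueError("unexpected configuration file type")
    # Final containment check on the resolved path, in case the root itself
    # is a symlink or the checks above are later relaxed.
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, base))
    if os.path.dirname(target) != root:
        raise ValueError("resolved path escapes upload root")
    return target


def escapes_root(path: str, upload_root: str = UPLOAD_ROOT) -> bool:
    """True if the resolved path lies outside the resolved upload root."""
    root = os.path.realpath(upload_root)
    resolved = os.path.realpath(path)
    return os.path.commonpath([root, resolved]) != root


def probe_results(handler, upload_root: str = UPLOAD_ROOT) -> dict:
    """Run each traversal probe through a handler and record the outcome.

    'accepted' means the handler produced a target path without objecting;
    'rejected' means it raised ValueError. A fixed handler should reject
    every probe.
    """
    results = {}
    for probe in TRAVERSAL_PROBES:
        try:
            handler(upload_root, probe)
            results[probe] = "accepted"
        except ValueError:
            results[probe] = "rejected"
    return results


if __name__ == "__main__":
    for label, handler in (("vulnerable", vulnerable_target_path),
                           ("hardened", safe_target_path)):
        print(label)
        for probe, outcome in probe_results(handler).items():
            print(f"  {outcome:8s} {probe!r}")
```

Run against the probes, the naive handler accepts every one of them, while the hardened handler rejects every one and still accepts an ordinary name such as `device-001.json`. The same probe list, sent as real upload requests to a test instance after patching, is a reasonable smoke test that the traversal path is closed; it is not a substitute for the vendor's own verification.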
CVE-2025-62630 is a HIGH severity path traversal vulnerability in the configuration file upload of DeviceOn/iEdge versions 0.0 through 2.0.2, potentially leading to remote code execution.
If you are running DeviceOn/iEdge in any version from 0.0 through 2.0.2, you are potentially affected.
Upgrade DeviceOn/iEdge to version 2.0.3 or later to remediate the vulnerability. If an immediate upgrade is not possible, restrict access to the configuration upload function and constrain where uploads can be written as a temporary measure.
As of the disclosure date there are no confirmed reports of active exploitation and no public proof of concept, but the nature of the flaw suggests it could be exploited quickly once one appears.
Refer to the official Advantech DeviceOn security advisory for detailed information and updates regarding CVE-2025-62630.