CVE-2025-14848: Advantech WebAccess/SCADA Absolute Path Traversal
Published Dec 18, 2025
·Updated
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
Affected Software
2 affected components
Advantech WebAccess/SCADA
Advantech Webaccess\/scada=9.2.1
Remediation
Information
Advantech recommends users apply the following mitigations and update to WebAccess/SCADA: Version 9.2.2 https://www.advantech.com/en-us/support/details/installation .
Event History
Dec 18, 2025
CVE Published
via MITRE·08:34 PM
Data Sourced
via MITRE·08:34 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-14848?
CVE-2025-14848 is rated as a medium severity vulnerability due to its potential for directory traversal attacks.
2
How does CVE-2025-14848 affect Advantech WebAccess/SCADA?
CVE-2025-14848 allows an attacker to perform absolute directory traversal, potentially exposing arbitrary files on the server.
3
What are the potential exploitations of CVE-2025-14848?
Exploitation of CVE-2025-14848 could lead to information disclosure by revealing sensitive file paths and content.
4
How do I mitigate CVE-2025-14848 in my environment?
To mitigate CVE-2025-14848, ensure that the latest patches and updates for Advantech WebAccess/SCADA are applied.
5
Is CVE-2025-14848 being actively exploited in the wild?
As of now, there are no known active exploits for CVE-2025-14848, but it is advisable to monitor for security advisories.