CVE-2025-14849: Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type
Published Dec 18, 2025
·Updated
Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
Affected Software
2 affected components
Advantech WebAccess/SCADA
Advantech Webaccess\/scada=9.2.1
Remediation
Information
Advantech recommends users apply the following mitigations and update to WebAccess/SCADA: Version 9.2.2 https://www.advantech.com/en-us/support/details/installation .
Event History
Dec 18, 2025
CVE Published
via MITRE·08:32 PM
Data Sourced
via MITRE·08:32 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-14849?
CVE-2025-14849 has a critical severity level due to the potential for remote code execution.
2
How do I fix CVE-2025-14849?
To fix CVE-2025-14849, apply the latest security patch released by Advantech for WebAccess/SCADA.
3
What type of vulnerability is CVE-2025-14849?
CVE-2025-14849 is an unrestricted file upload vulnerability.
4
What are the potential impacts of CVE-2025-14849?
The potential impacts of CVE-2025-14849 include unauthorized remote code execution on the affected system.
5
Which products are affected by CVE-2025-14849?
CVE-2025-14849 affects Advantech WebAccess/SCADA software.