CVE-2025-14850: Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory
Published Dec 18, 2025
·Updated
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
Affected Software
2 affected components
Advantech WebAccess/SCADA
Advantech Webaccess\/scada=9.2.1
Remediation
Information
Advantech recommends users apply the following mitigations and update to WebAccess/SCADA: Version 9.2.2 https://www.advantech.com/en-us/support/details/installation .
Event History
Dec 18, 2025
CVE Published
via MITRE·08:30 PM
Data Sourced
via MITRE·08:30 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-14850?
CVE-2025-14850 has been classified as a high-severity vulnerability due to its potential to allow unauthorized file deletion.
2
How do I fix CVE-2025-14850?
To fix CVE-2025-14850, ensure that you apply the latest security patches provided by Advantech for WebAccess/SCADA.
3
What types of attacks can CVE-2025-14850 facilitate?
CVE-2025-14850 can facilitate directory traversal attacks that allow an attacker to delete arbitrary files on the server.
4
Which product is affected by CVE-2025-14850?
CVE-2025-14850 affects the Advantech WebAccess/SCADA software.
5
What should I do if I am using Advantech WebAccess/SCADA and have concerns about CVE-2025-14850?
If using Advantech WebAccess/SCADA, you should assess your exposure to CVE-2025-14850 and consider implementing mitigation strategies while awaiting vendor guidance.