Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Multiple Vulnerabilities in Advantech Products

24 June 2025

Advantech has released security updates and mitigation measures addressing multiple vulnerabilities in their products. Users and administrators of affected products are encouraged to update and implement the recommended mitigation measures.

Background

Advantech has released security updates and mitigation measures addressing multiple vulnerabilities (CVE-2025-48461, CVE-2025-48462, CVE-2025-48463, CVE-2025-48466, CVE-2025-48467, CVE-2025-48468, CVE-2025-48469, and CVE-2025-48470) in their products.

Impact

CVE-2025-48461: Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

CVE-2025-48462: Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.

CVE-2025-48463: Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.

CVE-2025-48466: Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.

CVE-2025-48467: Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.

CVE-2025-48468: Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.

CVE-2025-48469: Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.

CVE-2025-48470: Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.

Affected Products

The vulnerabilities affect the following Advantech products:

  • WISE-4010LAN

  • WISE-4050LAN

  • WISE-4060LAN

Mitigation

CVE-2025-48461, CVE-2025-48462, CVE-2025-48463, CVE-2025-48469, and CVE-2025-48470:  These vulnerabilities can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.

CVE-2025-48466, CVE-2025-48467: These vulnerabilities are addressed in firmware version A2.02 B00, which introduce the ability to manually disable Modbus TCP communication. Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.

CVE-2025-48468: The JTAG interface is now automatically disabled during normal operation as of firmware version A2.02 B00. Users and administrators of affected products are advised to update to firmware version A2.02 B00.

Please refer to the following link(s) for the official release of the patch and mitigation measures here.

Credits

CSA would like to express appreciation to the following researchers for discovering the vulnerabilities:

CVE-2025-48461: Joel Chang Zhi Kai

CVE-2025-48462, CVE-2025-48467, CVE-2025-48468: Marc Heuse

CVE-2025-48463: Chua Wei Xun

CVE-2025-48466, CVE-2025-48470: Jay Turla, Japz Divino, Jerold Camacho

CVE-2025-48469: Lam Jun Rong

Additionally, CSA would like to thank Advantech for their collaboration on the coordinated disclosure of these vulnerabilities.

References

https://www.advantech.com/en/support/details/firmware-?id=1-1B835P3

https://github.com/shipcod3/CVE-2025-48466

https://jro.sg/CVEs/CVE-2025-48469/



Back to top