
CVE-2025-14850: CWE-22 in Advantech WebAccess/SCADA

Severity: High
Published: Thu Dec 18 2025 (12/18/2025, 20:30:56 UTC)
Source: CVE Database V5
Vendor/Project: Advantech
Product: WebAccess/SCADA

Description

CVE-2025-14850 is a high-severity directory traversal vulnerability in Advantech WebAccess/SCADA version 9.2.1. It allows an attacker with limited privileges to delete arbitrary files on the affected system without user interaction. The vulnerability stems from improper input validation, enabling traversal outside intended directories. Exploitation can lead to significant integrity and availability impacts by removing critical files. Although no known exploits are currently reported in the wild, the vulnerability's network accessibility and low attack complexity make it a serious risk. European organizations using Advantech WebAccess/SCADA in industrial control environments should prioritize patching or applying mitigations. Countries with substantial industrial automation sectors and critical infrastructure relying on this product are at higher risk. Mitigation involves restricting access, applying vendor patches when available, and monitoring file system integrity closely.

AI-Powered Analysis

Last updated: 12/25/2025, 21:12:21 UTC

Technical Analysis

CVE-2025-14850 is a directory traversal vulnerability classified under CWE-22 affecting Advantech WebAccess/SCADA version 9.2.1. This vulnerability arises due to insufficient validation of user-supplied input in file path parameters, allowing an attacker to traverse directories beyond the intended scope. By exploiting this flaw, an attacker with at least limited privileges (PR:L) can delete arbitrary files on the host system remotely over the network without requiring user interaction (UI:N). The vulnerability impacts the integrity and availability of the system by enabling deletion of critical files, potentially disrupting SCADA operations. The CVSS v3.1 base score is 8.1, reflecting high severity due to network attack vector (AV:N), low attack complexity (AC:L), and the requirement of privileges but no user interaction. Although no exploits are currently known in the wild, the vulnerability poses a significant threat to industrial control systems that rely on WebAccess/SCADA for monitoring and control. The lack of available patches at the time of publication necessitates immediate risk mitigation strategies. Given the critical role of SCADA systems in industrial environments, exploitation could lead to operational downtime, loss of data integrity, and potential safety hazards.
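The validation that a CWE-22 file-deletion flaw lacks, shown as an added example (not Advantech's code and not part of the original advisory): the requested path is resolved to its real location and refused unless it stays under the allowed directory. The names `resolve_inside`, `safe_delete` and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

class TraversalError(ValueError):
    """Raised when a requested path resolves outside the allowed directory."""

def resolve_inside(base_dir, user_path):
    """Return the real path for user_path, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    # Treat Windows separators as separators on every platform.
    candidate = os.path.join(base, user_path.replace("\\", "/"))
    target = os.path.realpath(candidate)  # collapses ".." and follows symlinks
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # for example, paths on different Windows drives
        inside = False
    if not inside or target == base:
        raise TraversalError(f"rejected path: {user_path!r}")
    return target

def safe_delete(base_dir, user_path):
    """Delete a file only if it resolves to a location under base_dir."""
    target = resolve_inside(base_dir, user_path)
    os.remove(target)
    return target

def demo():
    """Constructed scenario: a project folder next to a file that must survive."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "project")
        os.mkdir(base)
        protected = os.path.join(root, "system.cfg")
        for path in (protected, os.path.join(base, "old_report.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        for name in ("old_report.txt", "../system.cfg", "..\\system.cfg", protected):
            try:
                safe_delete(base, name)
                results[name] = "deleted"
            except TraversalError:
                results[name] = "rejected"
        results["protected_exists"] = os.path.exists(protected)
    return results

if __name__ == "__main__":
    print(demo())
```

The check runs on the resolved path rather than on the raw string, so relative segments, absolute paths and symlinks are all judged by where they finally point.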

Potential Impact

For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities, this vulnerability could have severe consequences. Exploitation could lead to deletion of configuration files, logs, or operational data, causing system outages or degraded performance. This may disrupt industrial processes, resulting in financial losses, safety risks, and regulatory non-compliance. The integrity and availability of SCADA systems are paramount for continuous operation; thus, this vulnerability threatens operational continuity and could be leveraged in targeted attacks against European industrial environments. Organizations relying on Advantech WebAccess/SCADA version 9.2.1 are particularly vulnerable. The network-based attack vector increases the risk of remote exploitation, potentially by insider threats or external attackers who have gained limited access. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score indicates urgency in addressing the issue.

Mitigation Recommendations

1. Immediately restrict network access to Advantech WebAccess/SCADA systems using firewalls and network segmentation to limit exposure to trusted administrators only.
2. Implement strict access controls and least privilege principles to minimize the number of users with privileges required to exploit this vulnerability.
3. Monitor file system integrity with specialized tools to detect unauthorized file deletions or modifications promptly.
4. Regularly back up critical configuration and operational files to enable rapid recovery in case of file deletion.
5. Engage with Advantech support to obtain and apply official patches or workarounds as soon as they become available.
6. Conduct thorough security audits of SCADA environments to identify and remediate other potential input validation weaknesses.
7. Employ intrusion detection systems (IDS) tuned to detect anomalous file access patterns indicative of directory traversal attempts.
8. Train operational technology (OT) personnel on the risks and signs of exploitation related to this vulnerability to enhance incident response readiness.
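A minimal form of the file integrity monitoring in recommendation 3, as an added example that is not part of the original advisory: record a hash baseline of a directory tree, then report files that were deleted, modified or added since. The directory layout and file names are constructed stand-ins, not real WebAccess/SCADA paths.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = digest
    return state

def compare(baseline, current):
    """Return sorted lists of deleted, modified and added files."""
    common = baseline.keys() & current.keys()
    return {
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
    }

def demo():
    """Constructed data set standing in for a SCADA project directory."""
    files = {"config/node.cfg": "a", "config/tags.db": "b", "alarm.log": "c"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        baseline = snapshot(root)
        # Simulate the impact described above: one file removed, one changed.
        os.remove(os.path.join(root, "config/tags.db"))
        with open(os.path.join(root, "alarm.log"), "a") as fh:
            fh.write("new entry")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off the monitored host, so that a file deletion on that host cannot also remove the record needed to detect it.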


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-12-17T18:59:18.176Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 694466f94eb3efac36a822b7

Added to database: 12/18/2025, 8:41:29 PM

Last enriched: 12/25/2025, 9:12:21 PM

Last updated: 2/5/2026, 8:47:32 AM
