CVE-2025-34247 identifies a SQL injection vulnerability in Advantech WebAccess/VPN, specifically in the NetworksController.addNetworkAction() method. This vulnerability arises from improper neutralization of special elements used in SQL commands (CWE-89), allowing an authenticated user with observer-level privileges to inject arbitrary SQL code through datatable search parameters. The injection flaw enables attackers to manipulate backend database queries, potentially disclosing sensitive information stored in the database. The vulnerability affects all versions prior to 1.1.5, with no patches currently available. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no user interaction (UI:N), and requires high privileges (PR:H), with low impact on confidentiality and integrity but no impact on availability. Although exploitation requires authentication, the low privilege level needed increases the risk, as observer users typically have broader access than anonymous users. No known exploits have been observed in the wild, but the vulnerability could be leveraged in targeted attacks against organizations using this product. Advantech WebAccess/VPN is commonly deployed in industrial automation and critical infrastructure environments, making this vulnerability relevant for sectors requiring secure remote access and monitoring.

For European organizations, the impact of this vulnerability includes potential unauthorized disclosure of sensitive operational and network data stored in the Advantech WebAccess/VPN backend databases. This could lead to intelligence gathering by threat actors, enabling further targeted attacks or industrial espionage. Confidentiality is primarily affected, with some risk to data integrity if attackers escalate privileges or chain this vulnerability with others. Availability is not impacted. Organizations in sectors such as manufacturing, energy, transportation, and critical infrastructure that rely on Advantech products for remote access and monitoring could face increased risk of data breaches. The requirement for authenticated access limits exposure but does not eliminate risk, especially if observer accounts are widely distributed or poorly managed. The medium severity rating suggests a moderate priority for remediation, but the strategic importance of affected systems in Europe elevates the need for prompt action.

1. Immediately audit and restrict observer user accounts to the minimum necessary permissions, ensuring that only trusted personnel have such access. 2. Implement strict input validation and sanitization on all user-supplied data, particularly datatable search parameters, to prevent SQL injection. 3. Monitor database query logs for unusual or suspicious activity indicative of injection attempts. 4. Employ network segmentation and access controls to limit exposure of the Advantech WebAccess/VPN management interfaces. 5. Apply any available patches or updates from Advantech as soon as they are released. 6. Consider deploying Web Application Firewalls (WAFs) with rules designed to detect and block SQL injection patterns targeting this product. 7. Conduct regular security assessments and penetration testing focused on authentication and input handling mechanisms within WebAccess/VPN. 8. Educate users with observer privileges about security best practices and the risks of credential compromise.