CVE-2025-58423: CWE-22 in Advantech DeviceOn/iEdge
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.
AI Analysis
Technical Summary
CVE-2025-58423 is a directory traversal vulnerability classified under CWE-22 found in Advantech's DeviceOn/iEdge platform, which is widely used in industrial IoT and device management. The vulnerability arises from insufficient sanitization of uploaded configuration files, allowing an attacker with local privileges to craft files that can traverse directories beyond intended paths. This enables unauthorized reading and writing of arbitrary files on the system, potentially leading to data disclosure, manipulation, or system instability. Additionally, the crafted files can cause denial-of-service conditions by corrupting configurations or overwriting critical files. The vulnerability requires the attacker to have some level of privileges (PR:L) but does not require user interaction (UI:N) and can be exploited remotely over the network (AV:N) with low complexity (AC:L). The scope of impact includes confidentiality, integrity, and availability, as the attacker can access sensitive files, modify system behavior, or disrupt services. No patches or known exploits are currently available, but the high CVSS score (8.8) indicates a serious risk. The vulnerability is particularly concerning for industrial environments where DeviceOn/iEdge manages critical devices, as exploitation could lead to operational disruptions or data breaches. The lack of patch availability necessitates immediate mitigation efforts to prevent exploitation.
Potential Impact
For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors relying on Advantech DeviceOn/iEdge, this vulnerability poses significant risks. Exploitation could lead to unauthorized access to sensitive configuration files, manipulation of device settings, and disruption of industrial processes, potentially causing operational downtime and safety hazards. The ability to perform directory traversal and file manipulation under the local system account elevates the threat to critical infrastructure, where availability and integrity are paramount. Data confidentiality may also be compromised if sensitive files are accessed or exfiltrated. Given the interconnected nature of industrial networks in Europe, a successful attack could propagate effects across multiple systems and facilities. The absence of known exploits currently provides a window for proactive defense, but the high severity demands urgent attention to avoid potential targeted attacks. Organizations may also face regulatory and compliance implications under the GDPR and the NIS Directive if the vulnerability leads to data breaches or service disruptions.
Mitigation Recommendations
1. Immediately restrict file upload permissions to trusted administrators and authenticated users only, minimizing exposure.
2. Implement strict input validation and sanitization on all uploaded configuration files to prevent directory traversal sequences (e.g., '..\' or '../').
3. Employ application-layer controls to enforce allowed file paths and reject any attempts to access unauthorized directories.
4. Monitor system logs and file system activity for unusual file uploads or modifications indicative of exploitation attempts.
5. Isolate DeviceOn/iEdge systems within segmented network zones with limited access to reduce attack surface.
6. Maintain regular backups of configuration files and critical data to enable rapid recovery from denial-of-service or data corruption incidents.
7. Engage with Advantech for updates and patches, and apply them promptly once available.
8. Conduct security awareness training for administrators managing DeviceOn/iEdge to recognize suspicious activities.
9. Consider deploying host-based intrusion detection systems (HIDS) to detect anomalous file system behavior.
10. Review and harden authentication mechanisms to ensure only authorized personnel can upload configuration files.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-11-05T16:45:22.604Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690d258e790724a13ccd5543
Added to database: 11/6/2025, 10:47:42 PM
Last enriched: 11/6/2025, 10:52:14 PM
Last updated: 11/8/2025, 8:21:46 AM