CVE-2025-62630 is a directory traversal vulnerability classified under CWE-22 found in Advantech's DeviceOn/iEdge platform. The root cause is insufficient sanitization of file paths during the upload of configuration files. An attacker with low privileges can craft a malicious configuration file containing directory traversal sequences (e.g., ../) to escape the intended directory and write files to arbitrary locations on the system. This can lead to remote code execution (RCE) with system-level permissions, effectively allowing the attacker to execute arbitrary commands, install malware, or disrupt system operations. The vulnerability is remotely exploitable over the network without requiring user interaction, increasing its risk profile. The CVSS v3.1 score of 8.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction needed. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a prime candidate for future exploitation. The affected product, DeviceOn/iEdge, is widely used in industrial IoT and device management scenarios, where system integrity and uptime are critical. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by organizations to reduce exposure.

For European organizations, the impact of CVE-2025-62630 is significant, particularly in sectors relying on industrial automation, IoT device management, and critical infrastructure. Successful exploitation could lead to full system compromise, allowing attackers to manipulate device configurations, disrupt operations, exfiltrate sensitive data, or deploy ransomware. This threatens operational continuity and safety, especially in manufacturing, energy, and transportation sectors prevalent in Europe. The ability to achieve system-level remote code execution without user interaction increases the likelihood of automated attacks and rapid spread within networks. Confidentiality breaches could expose proprietary or personal data, while integrity and availability impacts could halt production lines or critical services. The vulnerability also raises compliance risks under GDPR and other regulatory frameworks due to potential data breaches and operational disruptions.

1. Monitor Advantech communications closely and apply official patches immediately upon release. 2. Until patches are available, restrict file upload capabilities to trusted users and isolate DeviceOn/iEdge systems within segmented network zones with strict access controls. 3. Implement robust input validation and sanitization at network boundaries or proxy layers to detect and block directory traversal patterns in file uploads. 4. Employ application-layer firewalls or intrusion detection/prevention systems (IDS/IPS) configured to identify suspicious file upload behaviors. 5. Conduct regular audits of device configurations and file system integrity to detect unauthorized changes. 6. Limit privileges of accounts interacting with DeviceOn/iEdge to the minimum necessary and enforce strong authentication mechanisms. 7. Educate operational technology (OT) and IT teams about this vulnerability and establish incident response plans tailored to industrial environments. 8. Consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous process executions on affected devices.