
CVE-2025-64302: CWE-79 in Advantech DeviceOn/iEdge

Severity: Medium
Tags: Vulnerability, CVE-2025-64302, cve, cwe-79
Published: Thu Nov 06 2025 (11/06/2025, 22:24:15 UTC)
Source: CVE Database V5
Vendor/Project: Advantech
Product: DeviceOn/iEdge

Description

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.

AI-Powered Analysis

AI analysis last updated: 11/14/2025, 02:29:59 UTC

Technical Analysis

CVE-2025-64302 is a vulnerability classified under CWE-79 (Cross-Site Scripting) affecting Advantech's DeviceOn/iEdge platform. The root cause is insufficient sanitization of user-supplied input in dashboard labels or path parameters. This flaw allows an attacker to inject malicious scripts that can cause device errors, leading to potential information disclosure or unauthorized data manipulation. The vulnerability can be exploited remotely over the network with low attack complexity and requires only low-level privileges, without any user interaction. It impacts confidentiality and integrity but does not affect availability. The CVSS v3.1 base score is 6.4, reflecting medium severity. No patches or known exploits are currently reported, but the presence of the flaw in industrial IoT management software is a concern given the critical nature of such environments. The affected-versions field lists only '0', which likely means all current versions of DeviceOn/iEdge are affected, so the scope is broad. The vulnerability could be leveraged to gain unauthorized insight into device configurations or to manipulate dashboard data, potentially disrupting operational monitoring or control processes.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, or critical infrastructure sectors, this vulnerability poses a risk to the confidentiality and integrity of device management data. Exploitation could lead to unauthorized disclosure of sensitive operational information or manipulation of device settings, which may degrade trust in monitoring systems or cause incorrect operational decisions. Given the reliance on Advantech DeviceOn/iEdge in industrial IoT deployments, the impact could extend to production efficiency and safety. While availability is not directly affected, the indirect consequences of data manipulation could lead to operational disruptions. The risk is heightened in environments where the management interface is exposed to less trusted networks or where privilege separation is weak. European organizations with regulatory obligations around data protection and operational security may face compliance risks if this vulnerability is exploited.

Mitigation Recommendations

1. Implement strict input validation and sanitization on all dashboard label and path inputs to prevent script injection.
2. Restrict network access to the DeviceOn/iEdge management interfaces using firewalls, VPNs, or network segmentation to limit exposure.
3. Enforce the principle of least privilege for users accessing the platform, ensuring that only authorized personnel hold even the low-level privileges the vulnerability requires.
4. Monitor logs and network traffic for unusual or malformed input patterns targeting dashboard parameters.
5. Apply vendor patches or updates promptly once available; engage with Advantech support for timelines and interim mitigations.
6. Conduct regular security assessments and penetration tests focusing on web interface vulnerabilities.
7. Educate operational technology (OT) and IT teams about the risks of input validation flaws and the importance of secure configuration.
8. Consider deploying a Web Application Firewall (WAF) capable of detecting and blocking XSS attempts targeting the platform.


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-11-05T16:45:22.684Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690d258e790724a13ccd5552

Added to database: 11/6/2025, 10:47:42 PM

Last enriched: 11/14/2025, 2:29:59 AM

Last updated: 12/20/2025, 5:49:37 PM

Views: 63
