CVE-2025-67653: CWE-22 in Advantech WebAccess/SCADA
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.
AI Analysis
Technical Summary
CVE-2025-67653 is a directory traversal vulnerability classified under CWE-22 affecting Advantech WebAccess/SCADA version 9.2.1. This vulnerability allows an attacker with low privileges (PR:L) to remotely send crafted requests over the network (AV:N) without requiring user interaction (UI:N) to traverse directories and determine the existence of arbitrary files on the server hosting the SCADA application. The vulnerability does not allow modification or deletion of files, thus it impacts confidentiality by revealing file presence but does not affect integrity or availability. The vulnerability arises due to insufficient validation or sanitization of user-supplied input in file path parameters, enabling attackers to escape the intended directory context. Although no public exploits are currently known, the information disclosure can aid attackers in mapping the file system, identifying sensitive files, or planning further targeted attacks. The CVSS v3.1 base score is 4.3, reflecting medium severity, primarily due to the limited impact scope and the requirement for low-level privileges. The vulnerability was published on December 18, 2025, and no patches have been linked yet, emphasizing the need for vendor response and user mitigation. Given the critical role of SCADA systems in industrial control, even information disclosure vulnerabilities can have significant operational security implications if leveraged in multi-stage attacks.
Potential Impact
For European organizations, especially those operating critical infrastructure such as energy, manufacturing, and utilities, this vulnerability poses a risk of information leakage that could facilitate reconnaissance by threat actors. By determining the existence of files, attackers can identify configuration files, credentials, or other sensitive data that may be leveraged in subsequent attacks, including privilege escalation or lateral movement within industrial networks. Although the vulnerability does not directly compromise system integrity or availability, the exposure of file system structure undermines operational security and increases the attack surface. European industrial sectors with extensive deployment of Advantech WebAccess/SCADA systems could face increased risk of targeted attacks, potentially impacting national critical infrastructure resilience. The medium severity rating suggests that while immediate exploitation may not cause direct disruption, the vulnerability should be addressed promptly to prevent escalation. Additionally, compliance with European cybersecurity regulations such as NIS2 may require timely mitigation of such vulnerabilities to avoid regulatory penalties.
Mitigation Recommendations
1. Restrict network access to Advantech WebAccess/SCADA systems by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only.
2. Apply input validation and sanitization at the application level to prevent directory traversal sequences in file path parameters; if vendor patches become available, deploy them immediately.
3. Monitor system logs and network traffic for unusual access patterns or attempts to access unauthorized files, enabling early detection of exploitation attempts.
4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of identifying directory traversal attacks targeting SCADA systems.
5. Conduct regular security assessments and penetration testing focused on SCADA environments to identify and remediate similar vulnerabilities proactively.
6. Implement strict access controls and least privilege principles for user accounts interacting with the SCADA system to minimize the impact of compromised credentials.
7. Maintain an up-to-date asset inventory to quickly identify affected systems and prioritize remediation efforts.
8. Engage with Advantech support channels to track patch releases or official mitigation guidance and apply updates promptly once available.
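A sketch of the log monitoring in recommendations 3 and 4, added here as an example and not taken from Advantech or the advisory: it percent-decodes request fields (including double encoding), normalizes Windows path separators, and counts traversal attempts per authenticated account, since the flaw requires low privileges. The log layout, URL path, parameter name, user names and threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed, simplified web-server log lines with the fields:
# date time method uri-stem uri-query username client-ip status
# The path, parameter, users and addresses are hypothetical placeholders.
SAMPLE_LOG = """
2025-12-19 08:00:01 GET /example/view.asp name=trend01.dat operator1 10.0.0.5 200
2025-12-19 08:00:07 GET /example/view.asp name=..%2f..%2fexample.txt guest7 10.0.0.9 200
2025-12-19 08:00:08 GET /example/view.asp name=%252e%252e%255c%252e%252e%255cexample.txt guest7 10.0.0.9 404
2025-12-19 08:01:30 GET /example/view.asp name=report..v2.dat operator1 10.0.0.5 200
2025-12-19 08:02:11 GET /example/view.asp name=..%5c..%5cexample.txt engineer2 10.0.0.12 404
"""

# A ".." path segment that starts a value or follows a separator.
TRAVERSAL = re.compile(r"(?:^|[/=&])\.\.(?:/|$)")

def normalise(value, max_rounds=3):
    """Percent-decode until stable (catches double encoding), unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(stem, query):
    """True if the URI stem or query contains a parent-directory segment."""
    return any(TRAVERSAL.search(normalise(part)) for part in (stem, query))

def scan(log_text, threshold=2):
    """Return (flagged lines, {user: hits}) for users at or above threshold."""
    hits, per_user = [], Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8:          # skip blank or malformed lines
            continue
        stem, query, user = fields[3], fields[4], fields[5]
        if has_traversal(stem, query):
            hits.append(line)
            per_user[user] += 1
    return hits, {u: n for u, n in per_user.items() if n >= threshold}

if __name__ == "__main__":
    flagged, noisy_users = scan(SAMPLE_LOG)
    print(len(flagged), "suspicious requests; accounts over threshold:", noisy_users)
```

Because the flaw only reveals whether a file exists, a mix of differing status codes for traversal requests from one account is itself worth alerting on, even when every individual request looks harmless.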
Affected Countries
Germany, France, Italy, United Kingdom, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-12-09T20:16:53.210Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69446a7c4eb3efac36a96197
Added to database: 12/18/2025, 8:56:28 PM
Last enriched: 12/18/2025, 9:11:35 PM
Last updated: 12/19/2025, 5:47:35 AM