{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48462", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-05-22T09:41:25.401Z", "datePublished": "2025-06-24T02:08:58.607Z", "dateUpdated": "2025-06-25T13:25:06.014Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Advantech Wireless Sensing and Equipment (WISE)", "vendor": "Advantech", "versions": [{"status": "affected", "version": "A2.01 B00"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Marc Heuse"}], "datePublic": "2025-06-24T02:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."}], "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-06-24T02:46:38.973Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n<br>"}], "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."}], "source": {"discovery": "UNKNOWN"}, "title": "Login Session Exhaustion", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-24T16:42:45.283647Z", "id": "CVE-2025-48462", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T13:25:06.014Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-24T16:42:45.283647Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T16:43:51.848Z"}}], "cna": {"title": "Login Session Exhaustion", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Marc Heuse"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Advantech", "product": "Advantech Wireless Sensing and Equipment (WISE)", "versions": [{"status": "affected", "version": "A2.01 B00"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n<br>", "base64": false}]}], "datePublic": "2025-06-24T02:00:00.000Z", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.", "supportingMedia": [{"type": "text/html", "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.", "base64": false}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-06-24T02:46:38.973Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48462", "state": "PUBLISHED", "dateUpdated": "2025-06-24T16:45:05.311Z", "dateReserved": "2025-05-22T09:41:25.401Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2025-06-24T02:08:58.607Z", "assignerShortName": "CSA"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*", "matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*", "matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."}, {"lang": "es", "value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante consumir todos los espacios de sesi\u00f3n disponibles y bloquear el inicio de sesi\u00f3n de otros usuarios, impidiendo as\u00ed que los usuarios leg\u00edtimos obtengan acceso al producto."}], "id": "CVE-2025-48462", "lastModified": "2025-07-09T15:03:03.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}, "published": "2025-06-24T03:15:33.753", "references": [{"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "tags": ["Third Party Advisory"], "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}