Warning: 11 vulnerabilities patched in Advantech WISE-DeviceOnServer, Patch Immediately!

Image
Decorative image
Publié : 08/12/2025
  • Last update: 09/12/2025
  • Affected software:
    → Advantech WISE-DeviceOnServer
  • Type: Remote Code Execution
  • CVE/CVSS
    → CVE-2025-34256: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    →CVE-2025-34257 to CVE-2025-34266: CVSS 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Sources

Advantech - https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn.pdf

Risks

Advantech has identified and addressed multiple security vulnerabilities in WISE-DeviceOn Server version 5.3.12. These vulnerabilities, including CVE-2025-34256 and a series of stored cross-site scripting issues (CVE-2025-34257 to CVE-2025-34266), could allow attackers to compromise authentication, inject malicious scripts, or bypass security controls.

Description

CVE-2025-34256 – Use of Hard-coded Cryptographic Key

A hard-coded key in the AuthUtil EIRMMToken generation mechanism causes the vulnerability. An attacker who successfully exploits this flaw could compromise the security and integrity of authentication tokens, allowing unauthorised access or manipulation of user sessions.

CVE-2025-34257 to CVE-2025-34266 – Stored Cross-Site Scripting (XSS)

These vulnerabilities allow an attacker to inject malicious scripts into device fields, which can be executed in other users’ browsers. Exploitation could lead to session hijacking, credential theft, defacement, or privilege escalation.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
All users should update to WISE-DeviceOn Server version 5.4 or later to fully mitigate these vulnerabilities.

Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-34256