Advantech SUSI Driver Improper Access Control Vulnerability
2025-12-16
| CVE ID | CVE-2025-14252 |
|---|---|
| Severity | High |
| Affected Vendors | Advantech |
| Affected Products | Advantech SUSI 5.0.24335 and prior |
| Vulnerability Details | An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior. |
| Solutions & Rules | · Fixed in Advantech SUSI version 5.0.24336 |
| Credit | Jason Huang of TXOne Networks |