CVE-2025-14252

Last Updated: December 16, 2025

CVE-2025-14252 — Advantech SUSI Driver Improper Access Control Vulnerability

CVE ID: CVE-2025-14252

Publication Date: 2025-12-16

Severity: High

Affected Vendor

Advantech

Affected Product

Advantech SUSI 5.0.24335 and prior

Vulnerability Description

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure.

Affected Versions

Advantech SUSI 5.0.24335 and prior

Solution

Fixed in Advantech SUSI version 5.0.24336

Credit

Jason Huang of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com

← Back to PSIRT