
CVE-2025-14252
Last Updated: December 16, 2025
Advantech SUSI Driver Improper Access Control Vulnerability
| CVE ID | CVE-2025-14252 |
|---|---|
| Severity | High |
| Affected Vendors | Advantech |
| Affected Products | Advantech SUSI 5.0.24335 and prior |
| Vulnerability Details | An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior. |
| Solutions & Rules | Fixed in Advantech SUSI version 5.0.24336 |
| Credit | Jason Huang of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com