In recent years, the widespread application of cyber-physical systems(CPS) in the industrial sphere has elicited substantial attention towards system security issues. Given the deep reliance of CPS on communication networks, cyber-attacks have emerged as one of the most severe threats, particularly those capable of disrupting system state awareness. Thus, secure state estimation---accurately gauging the system state under attack---has become a security concern of widespread interest. This paper aims to summarize the advances in secure state estimation research under cyber-attacks for CPS. Initially, we introduce typical cyber-attacks and elaborate on the secure state estimation problem under sparse attacks. Subsequently, the state of research on centralized and distributed secure state estimation is explored. When considering the difficulty of secure state estimation under sparse attacks, the crux lies in swiftly identifying the set of channels under attack---a process potentially involving high computational complexity. Therefore, we categorize secure state estimation methods into exhaustive and non-exhaustive search types, summarizing and elaborating on the strengths and weaknesses of current methods. Further, we present the status of research on observability analysis for CPS's secure state under sparse attacks. Existing studies suggest that increasing detection mechanisms or prior knowledge can alleviate the baseline redundancy requirement for secure state estimation under sparse attacks. Meanwhile, distinguishing between attacks and failures can effectively reduce sensor redundancy requirements. Finally, the paper anticipates ongoing challenges in secure state estimation for CPS and proposes potential directions for resolution.