CVE-2025-54460

AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type

CVSS 7.1 HIGHEPSS 0.3%CWE-434

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Affected products

AVEVA · PI Integrator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04