CVE-2025-54460

AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type

CVSS 7.1 HIGHEPSS 0.3%CWE-434

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Produtos afetados

AVEVA · PI Integrator

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04