← back
CVE-2025-4417

AVEVA PI Connector for CygNet Cross-site Scripting

CVSS 6.9 MEDIUMEPSS 0.1%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.1%KEV nãoPoC Patch
Lifecycle
12 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit affected pages.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Affected products
AVEVA · PI Connector for CygNet

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.aveva.com/en/support-and-success/cyber-security-updates/https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09