← volver
CVE-2025-54460

AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type

CVSS 7.1 HIGHEPSS 0.3%CWE-434
The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Productos afectados
AVEVA · PI Integrator

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdfhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04