AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to create or access publication targets of type Text
File or HDFS) to upload and persist files that could potentially be
executed.

Basic Information

ID CVE-2025-54460

Source icscert

Published Aug 21, 2025 at 20:00

Modified Aug 21, 2025 at 20:13

Affected Product

Vendor AVEVA

Product PI Integrator

Affected Versions AVEVA PI Integrator 0

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to create or access publication targets of type Text \nFile or HDFS) to upload and persist files that could potentially be \nexecuted.",
    "published": "2025-08-21T20:00:11.036Z",
    "modified": "2025-08-21T20:13:06.036Z",
    "type": "cve",
    "title": "AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type",
    "source": "icscert",
    "references": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04",
    "id": "CVE-2025-54460",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "AVEVA PI Integrator 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PI Integrator",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type_CVE-2025-54460