Home

Description

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-21 | Updated 2025-08-21 | Assigner icscert




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-201

Product status

Default status
unaffected

Any version before 2020 R2 SP1
affected

Credits

Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA. finder

References

www.aveva.com/...updates/SecurityBulletin_AVEVA-2025-004.pdf

www.cisa.gov/news-events/ics-advisories/icsa-25-224-04

cve.org (CVE-2025-41415)

nvd.nist.gov (CVE-2025-41415)

Download JSON