Home

Description

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-21 | Updated 2025-08-21 | Assigner icscert




HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-434

Product status

Default status
unaffected

Any version before 2020 R2 SP1
affected

Credits

Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA. finder

References

www.aveva.com/...updates/SecurityBulletin_AVEVA-2025-004.pdf

www.cisa.gov/news-events/ics-advisories/icsa-25-224-04

cve.org (CVE-2025-54460)

nvd.nist.gov (CVE-2025-54460)

Download JSON