CVE-2025-54460
HIGH
AVEVA PI Integrator through 2020 R2 SP1 - Unrestricted File Upload
Title source: llmDescription
The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.
References (2)
Core References
Various Sources
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04
Scores
CVSS v3: 7.1
EPSS: 0.0006
EPSS Percentile: 18.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-434
Status: published
Products (1)
AVEVA/PI Integrator: < 2020 R2 SP1
Published: Aug 21, 2025
Tracked Since: Feb 18, 2026