CVE-2025-41415

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.

Affected Software

VendorProductVersion RangeStatus
AVEVAPI Integrator0 < 2020 R2 SP1affected

Weaknesses

  • CWE-201: CWE-201

Workarounds

Additionally, AVEVA recommends the following general defensive measures:

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References