CVE-2025-54460

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

Affected Software

VendorProductVersion RangeStatus
AVEVAPI Integrator0 < 2020 R2 SP1affected

Weaknesses

  • CWE-434: CWE-434

Workarounds

Additionally, AVEVA recommends the following general defensive measures:

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References