CVE-2025-9317
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AVEVA | Edge | 0 <= Versions 2023 R2 | affected |
Weaknesses
- CWE-327: CWE-327
Workarounds
The following general defensive measures are recommended:
Access Control Lists should be applied to all folders where users will save and load project files.
Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.
Apply data-protection at the project level with a strong master password. For configuration step-by-step refer to AVEVA Edge "Technical Reference Manual" > Project Overview > Configuring Additional Project Settings > Options Tab > Data Protection.
If passwords are being used as function parameters inside project documents (such as scripts or worksheets), it is recommended to remove those passwords and use project tags instead. For more information on tags refer to AVEVA Edge "Technical Reference Manual" > Tags and the Tag Database > About Tags and the Project Database.
For information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .
For more information, see AVEVA's Security Bulletin AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf or AVEVA's bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ .
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.