CVE-2025-4417

Published Jun 12, 2025

Last updated a month ago

CVSS medium 6.9

Overview

Description: A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit affected pages.
Source: ics-cert@hq.dhs.gov
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.9
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Secondary
Base score: 5.5
Impact score: 4
Exploitability score: 1.1
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

ics-cert@hq.dhs.gov: CWE-79

Hype score: Not currently trending

CVE-2025-4417 A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant wit… https://t.co/Xe3bYZi9gu
@CVEnew
12 Jun 2025
396 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.