CVE-2025-54460
📋 TL;DR
This vulnerability allows authenticated users with publication target creation/access privileges to upload and persist files that could be executed. It affects AVEVA products with Text File or HDFS publication target functionality. Attackers could achieve remote code execution through file upload.
💻 Affected Systems
- AVEVA PI System
- AVEVA PI AF
- AVEVA PI Vision
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker achieves remote code execution with system-level privileges, leading to complete system compromise, data theft, and lateral movement.
Likely Case
Privileged insider or compromised account uploads malicious files that get executed, leading to data exfiltration or persistence mechanisms.
If Mitigated
With proper access controls and file validation, impact limited to unauthorized file storage without execution.
🎯 Exploit Status
Requires authenticated access and specific privileges. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to AVEVA Security Bulletin AVEVA-2025-004 for specific version updates
Vendor Advisory: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf
Restart Required: Yes
Instructions:
1. Review AVEVA Security Bulletin AVEVA-2025-004. 2. Download and apply the appropriate security updates from AVEVA support portal. 3. Restart affected services. 4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Publication Target Privileges
allLimit user privileges for creating or accessing Text File and HDFS publication targets to only essential personnel.
Implement File Upload Validation
allAdd server-side validation to block executable file uploads through publication targets.
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for publication target functionality
- Monitor file upload activities and implement file integrity monitoring on publication target directories
🔍 How to Verify
Check if Vulnerable:
Check if running affected AVEVA product versions and if users have publication target privileges.Check Version:
Check AVEVA product documentation for version checking commands specific to each product.Verify Fix Applied:
Verify installed version matches patched versions listed in AVEVA-2025-004 and test file upload functionality.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to publication targets
- Multiple failed upload attempts
- User privilege escalation attempts
Network Indicators:
- Unexpected outbound connections from AVEVA servers
- File transfer to unusual destinations
SIEM Query:
source="AVEVA" AND (event="file_upload" OR event="publication_target_create") AND file_extension IN ("exe", "bat", "sh", "ps1")