CVE-2025-9317
📋 TL;DR
This vulnerability allows attackers with read access to Edge Project or Edge Offline Cache files to extract weakly hashed passwords and brute-force them offline. Affects AVEVA Edge software users storing app-native or Active Directory credentials. The weak hashing makes password recovery computationally feasible.
💻 Affected Systems
- AVEVA Edge
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain domain administrator credentials, leading to full network compromise and lateral movement across enterprise systems.
Likely Case
Local attackers or malware with file access steal credentials for privilege escalation or persistence within affected systems.
If Mitigated
With proper access controls and monitoring, impact limited to isolated systems without credential reuse.
🎯 Exploit Status
Exploitation requires file system access but uses standard brute-force techniques against weak hashes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AVEVA Edge 2024
Vendor Advisory: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
Restart Required: Yes
Instructions:
1. Download AVEVA Edge 2024 from official vendor portal. 2. Backup existing projects. 3. Run installer with administrative privileges. 4. Restart system after installation completes.
🔧 Temporary Workarounds
Restrict File Access
windowsApply strict file permissions to Edge project and cache directories to prevent unauthorized read access.
icacls "C:\ProgramData\AVEVA\Edge\Projects" /deny "Users":(R)
icacls "C:\Users\%USERNAME%\AppData\Local\AVEVA\Edge\Cache" /deny "Users":(R)
🧯 If You Can't Patch
- Implement network segmentation to isolate AVEVA Edge systems from critical infrastructure.
- Deploy endpoint detection and response (EDR) to monitor for unauthorized file access attempts.
🔍 How to Verify
Check if Vulnerable:
Check AVEVA Edge version via Help > About. Versions prior to 2024 are vulnerable.Check Version:
Not applicable - check through application GUIVerify Fix Applied:
Confirm version shows 2024 or later in Help > About dialog.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to Edge project/cache directories
- Multiple failed authentication attempts following file access events
Network Indicators:
- Lateral movement attempts from AVEVA Edge systems
- Unexpected authentication requests to domain controllers
SIEM Query:
source="windows_security" EventCode=4663 ObjectName="*AVEVA*Edge*" AccessMask="0x1" | stats count by AccountName, ObjectName