Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-4417
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-12 Jun, 2025 | 19:32
Updated At-12 Jun, 2025 | 19:57
Rejected At-
▼CVE Numbering Authority (CNA)
AVEVA PI Connector for CygNet Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit affected pages.

Affected Products
Vendor
AVEVAAVEVA
Product
PI Connector for CygNet
Default Status
unaffected
Versions
Affected
  • From 0 through 1.6.14 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79
Type: CWE
CWE ID: CWE-79
Description: CWE-79
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit. All affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From OSISoft Customer Portal https://my.osisoft.com/ , search for "PI Connector for CygNet" and select Version 1.7.0 or higher. For additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .

Configurations
Workarounds

AVEVA further recommends users follow general defensive measures: * Ensure that PI Connector for CygNet administrative access is only provided to trusted entities. * Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities. * Audit and limit membership to the OS Local "Administrators" and "PI Connector Administrators" groups. For additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .

Exploits
Credits
finder
AVEVA reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09
N/A
https://www.aveva.com/en/support-and-success/cyber-security-updates/
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09
Resource: N/A
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found