OS Command Injection Vulnerability in mySCADA myPRO Manager
CVE-2025-25067
9.3 CRITICAL
Summary
The mySCADA myPRO Manager product is susceptible to an OS command injection vulnerability, enabling an unauthenticated remote attacker to execute arbitrary operating system commands. This could lead to unauthorized access to system resources and potential compromise of the affected systems. It is essential for users to apply the necessary security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
myPRO Manager: all versions before 1.4
References
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Heinzl reported these vulnerabilities to CISA.