Denial of Service Vulnerability in AVEVA PI Data Archive Products
CVE-2025-36539

7.1HIGH

Key Information:

Vendor: Aveva
Status: Pi Data Archive; Pi Server
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-36539?

AVEVA PI Data Archive products are susceptible to a vulnerability due to an uncaught exception. An attacker with authenticated access could exploit this flaw to forcibly shut down critical subsystems of the PI Data Archive, leading to a denial of service condition. This disruption could impact data continuity and overall system functionality, posing significant risks for organizations relying on these products for data management.

Affected Version(s)

PI Data Archive 2023 <= 2018 SP3 Patch 4

PI Data Archive 2023 Patch 1

PI Server 2023 <= 2018 SP3 Patch 6

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.aveva.com/en/support-and-success/cyber-securi...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

AVEVA reported these vulnerabilities to CISA.

Aveva

What is CVE-2025-36539?

Affected Version(s)

References

CVSS V4

Timeline

Credit