AVEVA PI Integrator Insertion of Sensitive Information into Sent Data
CVE-2025-41415

7.1HIGH

Key Information:

Vendor: Aveva
Status: Pi Integrator
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-41415?

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.

Affected Version(s)

PI Integrator 0 < 2020 R2 SP1

References

https://www.aveva.com/content/dam/aveva/documents/support...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Jul 31, 2025

Credit

Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA.

Aveva

What is CVE-2025-41415?

Affected Version(s)

References

CVSS V4

Timeline

Credit