Denial of Service Vulnerability in AVEVA PI Data Archive Products
CVE-2025-44019

7.1HIGH

Key Information:

Vendor: Aveva
Status: Pi Data Archive; Pi Server
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-44019?

AVEVA PI Data Archive products are susceptible to an unhandled exception that may be exploited by authenticated users. This could lead to the shutdown of essential subsystems within the PI Data Archive, thereby causing a denial of service. If the failure occurs at specific times, there might also be a risk of losing critical data stored in snapshots and the write cache.

Affected Version(s)

PI Data Archive 0 <= 2018 SP3 Patch 4

PI Data Archive 2023

PI Data Archive 2023 Patch 1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.aveva.com/en/support-and-success/cyber-securi...

https://my.osisoft.com/

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

AVEVA reported these vulnerabilities to CISA.

Aveva

What is CVE-2025-44019?

Affected Version(s)

References

CVSS V4

Timeline

Credit