AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type
CVE-2025-54460

7.1 HIGH

Key Information:

Vendor: Aveva
CVE Published: 21 August 2025

What is CVE-2025-54460?

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

Affected Version(s)

PI Integrator 0 < 2020 R2 SP1

References

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA.
CVE-2025-54460 : File Upload Vulnerability in AVEVA's Text File and HDFS Publication Systems