CVE-2025-13911

18.12.2025, 21:15

The vulnerability affects Ignition SCADA applications where Python
scripting is utilized for automation purposes. The vulnerability arises
from the absence of proper security controls that restrict which Python
libraries can be imported and executed within the scripting environment.
The core issue lies in the Ignition service account having system
permissions beyond what an Ignition privileged user requires. When an
authenticated administrator uploads a malicious project file containing
Python scripts with bind shell capabilities, the application executes
these scripts with the same privileges as the Ignition Gateway process,
which typically runs with SYSTEM-level permissions on Windows.
Alternative code execution patterns could lead to similar results.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.4 MEDIUM	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
icscert	CNA	6.4 MEDIUM	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-250 - Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-01.json

https://security.inductiveautomation.com/

https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-01