CVE-2025-13913

EUVD-2025-208615
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
icscertCNA
6.3 MEDIUM
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-06.json
https://inductiveautomation.com/resources/article/ignition-security-hardening-guide
https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-06