CVE-2025-4417

A cross-site scripting vulnerability exists in 
AVEVAPI Connector for CygNet 
Versions 1.6.14 and prior that, if exploited, could allow an 
administrator miscreant with local access to the connector admin portal 
to persist arbitrary JavaScript code that will be executed by other 
users who visit affected pages.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
icscertCNA
5.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Common Weakness Enumeration
References
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09