CVE-2025-54460

The vulnerability, if exploited, could allow an authenticated miscreant 
(with privileges to create or access publication targets of type Text 
File or HDFS) to upload and persist files that could potentially be 
executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
icscertCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Common Weakness Enumeration
References
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04