CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant 
(Process Optimization Standard User) to tamper with queries in Captive 
Historian and achieve code execution under SQL Server administrative 
privileges, potentially resulting in complete compromise of the SQL 
Server.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
icscertCNA
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01