CVE-2025-44019

high

Description

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write cache may be lost.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-07

https://www.aveva.com/en/support-and-success/cyber-security-updates/

https://my.osisoft.com/

Details

Source: Mitre, NVD

Published: 2025-06-12

Updated: 2025-06-12

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Severity: High

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00037