You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-54460
About this tag
CVE-2025-54460 is a security vulnerability affecting AVEVA PI Integrator for Business Analytics, specifically versions 2020 R2 SP1 and earlier. This flaw, along with CVE-2025-41415, is remotely exploitable and allows authenticated attackers to upload dangerous file types and disclose sensitive output data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging organizations to patch immediately. Discussions on WindowsForum.com highlight the critical nature of these vulnerabilities, emphasizing the need for prompt remediation to protect industrial and enterprise environments that rely on PI Integrator for data analytics. The tag covers threat details, affected versions, and recommended actions.
AVEVA's PI Integrator for Business Analytics has been the subject of a coordinated security disclosure that identifies two authenticated, yet remotely exploitable, vulnerabilities which could permit file upload of dangerous types and the disclosure of sensitive output data — issues that demand...
aveva pi integrator
cisa icsa-25-224-04
credential leakage
critical infrastructure
cve-2025-41415
cve-2025-54460
dangerous file types
data exfiltration
hdfs targets
ics security
insertion of sensitive information
network segmentation
ot security
patch management
pi integrator for business analytics
sensitive data
text file targets
unrestricted file upload
wdac allowlisting