CVE-2025-13911

EPSS 0.02%
Veröffentlicht 18.12.2025 20:24:30
Zuletzt bearbeitet 19.12.2025 18:00:18
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The vulnerability affects Ignition SCADA applications where Python 
scripting is utilized for automation purposes. The vulnerability arises 
from the absence of proper security controls that restrict which Python 
libraries can be imported and executed within the scripting environment.
 The core issue lies in the Ignition service account having system 
permissions beyond what an Ignition privileged user requires. When an 
authenticated administrator uploads a malicious project file containing 
Python scripts with bind shell capabilities, the application executes 
these scripts with the same privileges as the Ignition Gateway process, 
which typically runs with SYSTEM-level permissions on Windows. 
Alternative code execution patterns could lead to similar results.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerInductive Automation

≫

Produkt Ignition

Default Statusunaffected

Version 8.1.x

Status affected

Version 8.3.x

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	7.3	0	0	CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	6.4	0.5	5.9	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://security.inductiveautomation.com/

https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-01

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-01.json

https://nvd.nist.gov/vuln/detail/CVE-2025-13911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13911

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13911