PatchSiren cyber security CVE debrief
CVE-2025-62498 AutomationDirect CVE debrief
CVE-2025-62498 is a high-severity ZipSlip-style relative path traversal issue in AutomationDirect Productivity Suite version 4.4.1.19. According to CISA’s advisory, an attacker who can tamper with a productivity project may be able to execute arbitrary code on the machine where the project is opened. The primary remediation is to move to Productivity Suite 4.5.0.x or higher and apply vendor guidance for connected PLC and automation environments.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
OT and ICS operators, automation engineers, plant floor support teams, and IT security teams responsible for engineering workstations or systems that open Productivity Suite project files. Organizations running Productivity Suite 4.4.1.19, or using connected AutomationDirect PLC environments, should prioritize review if project files may be shared from less-trusted sources.
Technical summary
CISA describes the issue as a relative path traversal (ZipSlip) vulnerability in Productivity Suite 4.4.1.19. In practical terms, a crafted or tampered project archive can cause files to be written outside the intended extraction path, which can then lead to arbitrary code execution when the project is opened. The advisory lists the affected product families and recommends upgrading the programming software to 4.5.0.x or later, along with standard OT segmentation and isolation controls.
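As an added illustration (not vendor or CISA code), the following pre-open triage check flags the ZipSlip pattern described above: entry names that would resolve outside the extraction root. It assumes, hypothetically, that the project file can be read as a standard ZIP container; the function names and the sample archive are constructed for this example.

```python
import io
import ntpath
import zipfile


def escapes_root(name):
    """True if an archive entry name would resolve outside the extraction root."""
    # Windows extractors accept "\" as a separator, so treat it like "/".
    norm = name.replace("\\", "/")
    # Absolute, UNC and drive-qualified names ignore the extraction root.
    if norm.startswith("/") or ntpath.splitdrive(norm)[0]:
        return True
    depth = 0
    for part in norm.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:  # climbed above the root at some point in the path
            return True
    return False


def unsafe_entries(archive):
    """List entry names in a ZIP (path or file object) that fail the check."""
    with zipfile.ZipFile(archive) as zf:
        return [n for n in zf.namelist() if escapes_root(n)]


def constructed_sample():
    """Constructed in-memory archive for demonstration; not a real project file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/main.dat", b"ok")
        zf.writestr("project/lib/../notes.txt", b"ok")  # stays inside the root
        zf.writestr("../../outside.txt", b"x")
        zf.writestr("project\\..\\..\\outside2.txt", b"x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged = unsafe_entries(constructed_sample())
    for name in flagged:
        print("REJECT:", name)
    print(f"{len(flagged)} entry name(s) escape the extraction root")
```

A flagged entry is a reason to quarantine the file before it reaches an engineering workstation; a clean result does not replace the upgrade to 4.5.0.x or higher.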
Defensive priority
High. The CVSS score is 8.8 and the impact includes code execution on the engineering machine that opens a malicious project. Treat as a priority for any environment where project files can arrive from vendors, contractors, removable media, email, or shared file systems.
Recommended defensive actions
- Upgrade Productivity Suite programming software to version 4.5.0.x or higher.
- Apply the latest firmware updates for Productivity PLCs using AutomationDirect’s software download resources.
- Restrict project-file handling to trusted sources and review workflows that import, exchange, or archive Productivity Suite projects.
- Segment OT networks so engineering workstations and PLCs are isolated from broader IT networks and untrusted systems.
- Use firewall or NAC controls to block unnecessary inbound and outbound traffic to PLC-related assets.
- If upgrading is not immediately possible, physically disconnect exposed PLCs from external networks where feasible.
- Follow AutomationDirect’s security considerations and CISA recommended practices for industrial control systems.
Evidence notes
All substantive claims are drawn from the supplied CISA CSAF advisory item and its listed remediations. The corpus identifies the affected version as Productivity Suite 4.4.1.19, the vulnerability class as ZipSlip relative path traversal, the potential impact as arbitrary code execution when a tampered project is opened, and the fixed software baseline as Productivity Suite 4.5.0.x or higher. Published and modified dates supplied in the corpus are both 2025-10-23T06:00:00.000Z; no separate KEV entry is present in the supplied enrichment.
Official resources
- CVE-2025-62498 CVE record (CVE.org)
- CVE-2025-62498 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2025-10-23 in CISA’s ICS advisory ICSA-25-296-01 for AutomationDirect Productivity Suite. The supplied enrichment does not mark this CVE as a Known Exploited Vulnerability (KEV).