PatchSiren cyber security CVE debrief
CVE-2025-36539 AVEVA CVE debrief
CVE-2025-36539 affects AVEVA PI Data Archive and PI Server versions identified in CISA’s advisory published on 2025-06-12. An authenticated user can trigger an uncaught exception that may shut down necessary PI Data Archive subsystems, creating a denial of service. AVEVA’s remediation guidance is to move affected installations to PI Server 2024 or higher and apply the vendor’s operational mitigations.
- Vendor: AVEVA
- Product: PI Data Archive
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-12
- Original CVE updated: 2025-06-12
- Advisory published: 2025-06-12
- Advisory updated: 2025-06-12
Who should care
OT/ICS operators, PI System administrators, and security teams responsible for AVEVA PI Data Archive or PI Server deployments, especially where service availability is operationally critical.
Technical summary
The advisory describes an authentication-required availability issue: an uncaught exception can be exploited to stop essential PI Data Archive subsystems, resulting in denial of service. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, matching a network-reachable, low-complexity, privilege-requiring DoS condition with high availability impact.
Defensive priority
Medium-high. Prioritize remediation promptly for production or remotely reachable PI deployments because the issue can interrupt core PI Archive functions, but it is not described as a confidentiality or integrity impact.
Recommended defensive actions
- Upgrade affected PI Data Archive and PI Server installations to PI Server 2024 or higher, per AVEVA’s remediation guidance.
- Monitor the liveness of PI Network Manager and PI Archive Subsystem services.
- Configure PI Network Manager and PI Archive Subsystem services to restart automatically.
- Limit access to Port 5450 to trusted workstations and software only.
- Review and apply AVEVA-2025-001 and the vendor’s PI System security best practices guidance.
- Evaluate the impact of the vulnerability in the context of your operational environment, architecture, and product implementation.
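The three host-level actions above (liveness monitoring, automatic service restart, and restricting TCP 5450) as one PowerShell script for a Windows PI Data Archive host. This is an added example, not AVEVA's or CISA's code; it assumes the default service names pinetmgr (PI Network Manager) and piarchss (PI Archive Subsystem), and the trusted host addresses are constructed placeholders.

```powershell
# Added example: assumed default PI Data Archive service names; verify with Get-Service on your host.
$PiServices   = @('pinetmgr', 'piarchss')
$TrustedHosts = @('10.0.10.21', '10.0.10.22')   # constructed placeholders: PI clients/interface nodes

# 1. Liveness: report each PI subsystem and whether it is Running (feed this to your monitoring).
function Test-PiSubsystemLiveness {
    foreach ($name in $PiServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "Service $name is not installed on this host"; continue }
        [pscustomobject]@{ Service = $name; Status = $svc.Status; Healthy = ($svc.Status -eq 'Running') }
    }
}

# 2. Automatic restart: restart 10 s after the 1st, 2nd and later failures, reset the
#    failure counter after a day, and treat a non-zero exit (not only a crash) as a failure.
function Set-PiSubsystemAutoRestart {
    foreach ($name in $PiServices) {
        sc.exe failure $name reset= 86400 actions= restart/10000/restart/10000/restart/10000 | Out-Null
        sc.exe failureflag $name 1 | Out-Null
    }
}

# 3. Exposure: allow inbound TCP 5450 only from trusted hosts. Windows Firewall evaluates Block
#    rules before Allow rules, so do not add a broad Block for 5450; rely on the profile's default
#    inbound Block and make sure no wider Allow rule for 5450 remains.
function Set-PiPortRestriction {
    Get-NetFirewallProfile | Where-Object DefaultInboundAction -ne 'Block' | ForEach-Object {
        Write-Warning "Profile $($_.Name) does not block inbound by default; unsolicited 5450 traffic is not filtered"
    }
    Get-NetFirewallPortFilter | Where-Object LocalPort -eq 5450 | Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } | ForEach-Object {
            Write-Warning "Review existing inbound Allow rule for 5450: $($_.DisplayName)"
        }
    New-NetFirewallRule -DisplayName 'PI Data Archive 5450 - trusted hosts only' -Direction Inbound `
        -Protocol TCP -LocalPort 5450 -RemoteAddress $TrustedHosts -Action Allow | Out-Null
}

Test-PiSubsystemLiveness | Format-Table -AutoSize
Set-PiSubsystemAutoRestart
Set-PiPortRestriction
```

Run from an elevated PowerShell session on the PI Data Archive host; the warnings tell you which existing rules still need to be narrowed or removed by hand.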
Evidence notes
This debrief is based on CISA CSAF advisory ICSA-25-162-07 for CVE-2025-36539, published and modified on 2025-06-12. The advisory names AVEVA PI Data Archive: 2023, AVEVA PI Data Archive: 2023_Patch_1, AVEVA PI Server: 2023, and AVEVA PI Server: 2023_Patch_1 as affected products, and states that upgrading to PI Server 2024 or higher fixes the issue. No KEV listing is indicated in the supplied enrichment. Reference links in the source corpus point to the CISA advisory, the CVE record, vendor support pages, and ICS defensive guidance.
Official resources
- CVE-2025-36539 CVE record (CVE.org)
- CVE-2025-36539 NVD detail (NVD)
Publicly disclosed by CISA in ICS Advisory ICSA-25-162-07 on 2025-06-12, which is also the published date supplied for CVE-2025-36539.