PatchSiren cyber security CVE debrief
CVE-2025-44019 AVEVA CVE debrief
CVE-2025-44019 affects AVEVA PI Data Archive and PI Server releases and was publicly disclosed by CISA on 2025-06-12. The issue is an uncaught exception that an authenticated user can trigger to shut down necessary PI Data Archive subsystems, causing denial of service and, depending on crash timing, possible loss of snapshot/write cache data.
- Vendor: AVEVA
- Product: PI Data Archive
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-12
- Original CVE updated: 2025-06-12
- Advisory published: 2025-06-12
- Advisory updated: 2025-06-12
Who should care
OT/ICS operators, plant and infrastructure teams, and administrators responsible for AVEVA PI Data Archive or PI Server deployments, especially where uninterrupted historian availability and data integrity are operationally important.
Technical summary
CISA’s advisory describes a network-exposed flaw with low required privileges and no user interaction (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, 7.1). The vulnerable condition is an uncaught exception in PI Data Archive-related components that can shut down required subsystems. Impact is denial of service, and if the crash occurs at the wrong time, data present in snapshots/write cache may be lost. The advisory lists affected lines including PI Data Archive <=2018_SP3_Patch_4, 2023, 2023_Patch_1, and PI Server <=2018_SP3_Patch_6, 2023, 2023_Patch_1.
Defensive priority
High. Prioritize remediation in production OT environments because the flaw can interrupt archive services and may cause data loss, not just a temporary service outage.
Recommended defensive actions
- Upgrade all affected versions to PI Server 2024 or later, per AVEVA guidance.
- For PI Data Archive 2018 SP3 Patch 4 and earlier, and PI Server 2018 SP3 Patch 6 and earlier, upgrade to PI Server 2018 SP3 Patch 7 or later if that is your supported path.
- Monitor the liveness of PI Network Manager and PI Archive Subsystem services.
- Configure PI Network Manager and PI Archive Subsystem services to automatically restart.
- Limit access to Port 5450 to trusted workstations and approved software only.
- Review AVEVA security update guidance for CVE-2025-44019 / AVEVA-2025-001 before scheduling maintenance.
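The liveness, automatic-restart and port 5450 items above, as an added PowerShell example for the PI Data Archive host (not AVEVA or CISA code). It only reports unless run with `-Apply`. The display-name patterns, the TCP protocol for port 5450, the trusted client addresses and the restart timings are assumptions to adjust for your site.

```powershell
#Requires -RunAsAdministrator
# Added example; not AVEVA or CISA code. Run on the PI Data Archive host.
param(
    # Assumption: placeholder addresses (RFC 5737); replace with your trusted PI clients.
    [string[]]$TrustedClients = @('192.0.2.10', '192.0.2.11'),
    [switch]$Apply   # without -Apply the script only reports
)

# Assumption: the services are located by the display names the advisory uses.
$names = 'PI Network Manager*', 'PI Archive Subsystem*'
$services = Get-Service -DisplayName $names -ErrorAction SilentlyContinue
if (-not $services) { Write-Warning 'No PI services matched; adjust $names.'; return }

foreach ($svc in $services) {
    # Liveness: any state other than Running should raise an alert in monitoring.
    if ($svc.Status -ne 'Running') {
        Write-Warning "$($svc.DisplayName) is $($svc.Status)"
    }
    # Show the recovery actions currently set in the Service Control Manager.
    sc.exe qfailure $svc.Name
    if ($Apply) {
        # Restart 60 s after each failure; reset the failure counter after one day.
        sc.exe failure $svc.Name reset= 86400 actions= restart/60000/restart/60000/restart/60000
    }
}

# Enabled inbound allow rules that name TCP 5450 and accept any remote address.
# Rules that cover the port through a range or 'Any' are not matched here.
$open = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '5450' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

foreach ($rule in $open) {
    Write-Warning "Rule '$($rule.DisplayName)' allows TCP 5450 from any address"
    # Narrow the rule's remote scope to the trusted clients only.
    if ($Apply) { $rule | Set-NetFirewallRule -RemoteAddress $TrustedClients }
}
```

Automatic restart shortens an outage but does not recover snapshot/write cache data lost in a crash, so it complements the upgrade rather than replacing it.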
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-162-07 (published 2025-06-12), the linked CVE record, and the advisory’s remediation text. The source corpus states that an authenticated user can exploit an uncaught exception to stop necessary PI Data Archive subsystems, leading to denial of service and possible snapshot/write cache loss. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.
Official resources
- CVE-2025-44019 CVE record (CVE.org)
- CVE-2025-44019 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in ICSA-25-162-07 on 2025-06-12. No KEV listing is provided in the supplied data.