PatchSiren cyber security CVE debrief
CVE-2025-4418 AVEVA CVE debrief
CVE-2025-4418 affects AVEVA PI Connector for CygNet versions 1.6.14 and earlier. According to CISA’s advisory, the issue is an improper validation of an integrity check value that could allow a miscreant with elevated privileges to alter local connector data files (cache and buffers) and cause the connector service to become unresponsive. The primary security impact is availability, not code execution or data exposure, and the disclosed attack conditions are constrained by the need for elevated privileges.
- Vendor
- AVEVA
- Product
- PI Connector for CygNet
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-12
- Original CVE updated
- 2025-06-12
- Advisory published
- 2025-06-12
- Advisory updated
- 2025-06-12
Who should care
OT and IT teams running AVEVA PI Connector for CygNet, especially administrators responsible for host hardening, local privilege management, and Windows ACL review on systems where the connector is installed.
Technical summary
CISA’s CSAF advisory describes an integrity-check validation weakness in PI Connector for CygNet <= 1.6.14. The advisory states that a user with elevated privileges could modify local data files used by the connector (cache and buffers), resulting in service unresponsiveness. The provided CVSS vector is AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, which aligns with a local, high-privilege availability-only issue.
Defensive priority
Medium. The issue is exploitable only with elevated local privileges, but the impact can disrupt connector availability in an industrial environment. Prioritize if the connector is operationally critical or if local administrative access is broadly distributed.
Recommended defensive actions
- Upgrade PI Connector for CygNet to version 1.7.0 or later, per AVEVA’s remediation guidance.
- Restrict PI Connector for CygNet administrative access to trusted entities only.
- Audit custom installation folder ACLs and ensure access is limited to trusted entities.
- Limit membership in the OS Local Administrators group and the PI Connector Administrators group.
- Review AVEVA-2025-002 and align local hardening steps with the vendor’s guidance.
- Validate whether affected versions 1.6.14 or earlier are deployed anywhere in the environment and plan remediation accordingly.
Evidence notes
All statements are derived from the supplied CISA CSAF advisory and its listed vendor remediation guidance. The advisory publication and modification dates are both 2025-06-12. The affected scope is explicitly listed as AVEVA PI Connector for CygNet <= 1.6.14. The vendor-recommended fix is version 1.7.0 or higher. The CVSS vector supplied with the advisory indicates local attack conditions, high privileges required, no user interaction, and availability impact only.
Official resources
-
CVE-2025-4418 CVE record
CVE.org
-
CVE-2025-4418 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2025-06-12, with the advisory revision history showing initial publication on the same date. No KEV listing is provided in the supplied corpus.