CVE-2025-36539
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-06-16
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects AVEVA PI Data Archive products and involves an uncaught exception that an authenticated user can exploit to shut down certain necessary PI Data Archive subsystems. This results in a denial of service condition, meaning the affected systems become unavailable or non-functional.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause a denial of service by shutting down critical subsystems of the PI Data Archive. This could disrupt operations that rely on these systems, potentially leading to downtime and loss of availability of important data services.
What immediate steps should I take to mitigate this vulnerability?
Apply the latest security updates provided by AVEVA for the PI Data Archive product as part of their security bulletins. Although the specific update for CVE-2025-36539 is not detailed, AVEVA has released security updates addressing vulnerabilities in PI Data Archive and related products. Ensuring your PI Data Archive system is updated to the latest version will help mitigate this denial of service vulnerability. [1]