CVE-2025-41415
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: ICS-CERT
Description
Description
The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to access publication targets) to retrieve sensitive
information that could then be used to gain additional access to
downstream resources.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aveva | pi_integrator_for_business_analytics | 2020_r2_sp1 |
| aveva | pi_integrator_for_business_analytics | 2020_r2_sp2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an authenticated user who has privileges to access publication targets to retrieve sensitive information. An attacker exploiting this could use the obtained information to gain further access to other downstream resources.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to unauthorized disclosure of sensitive information and potentially allow an attacker to escalate their access to additional systems or resources beyond their initial privileges.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70