CVE-2025-61943
9.3
Critical
Published:
Last updated:
Source: ics-cert@hq.dhs.gov
Analyzed
Weakness (CWE)
CVSS Vector
v4.0
- Attack Vector: Local
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): None
- Confidentiality (Subsequent): High
- Integrity (Subsequent): High
- Availability (Subsequent): High
Description
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json (ics-cert@hq.dhs.gov)
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea (ics-cert@hq.dhs.gov)
- https://www.aveva.com/en/support-and-success/cyber-security-updates/ (ics-cert@hq.dhs.gov)
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 (ics-cert@hq.dhs.gov)