{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8386", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-07-30T18:49:26.187Z", "datePublished": "2025-11-14T23:57:04.396Z", "dateUpdated": "2025-11-14T23:57:04.396Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Application Server", "vendor": "AVEVA", "versions": [{"lessThanOrEqual": "Versions 2023 R2 SP1 P02", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "AVEVA reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects' help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."}], "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects' help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-11-14T23:57:04.396Z"}, "references": [{"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.</p><p>All affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d\">2023 R2 SP1 P03</a>&nbsp;or higher.</p>\n<p>The following general defensive measures are recommended:</p>\n<ul>\n<li>Audit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/sp-install/page/738031.html\">https://docs.aveva.com/bundle/sp-install/page/738031.html</a></li></ul>For more information, see AVEVA's Security Bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf\">AVEVA-2025-005</a> or AVEVA's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\">bulletins page</a>.\n\n<br>"}], "value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.\n\nAll affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform 2023 R2 SP1 P03 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d \u00a0or higher.\n\n\nThe following general defensive measures are recommended:\n\n\n\n * Audit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see https://docs.aveva.com/bundle/sp-install/page/738031.html \n\n\nFor more information, see AVEVA's Security Bulletin AVEVA-2025-005 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf or AVEVA's bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."}], "source": {"advisory": "ICSA-25-317-02", "discovery": "INTERNAL"}, "title": "AVEVA Application Server IDE Basic Cross-site Scripting", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects' help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."}], "id": "CVE-2025-8386", "lastModified": "2025-11-15T00:15:48.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 5.3, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-11-15T00:15:48.290", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{}