On August 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory warning of two high-severity vulnerabilities in AVEVA’s PI Integrator for Business Analytics. The flaws, tracked as CVE-2025-54460 and CVE-2025-41415, could allow authenticated attackers to upload malicious files and exfiltrate sensitive configuration data, potentially giving them a foothold into critical data pipelines that bridge operational technology (OT) and IT networks.
The advisory, designated ICSA-25-224-04, republishes a coordinated disclosure from AVEVA and assigns CVSS scores that underscore the seriousness of the situation. CVE-2025-54460 carries a CVSS v3.1 score of 7.6, while CVE-2025-41415 hits 6.5. But in the hands of a determined adversary chaining them together, the impact could easily escalate beyond what those numbers suggest.
AVEVA PI Integrator: The Bridge Between OT and Business Intelligence
Before diving into the specifics, it’s worth understanding what’s at stake. AVEVA PI Integrator for Business Analytics is a widely deployed connector that prepares and publishes PI System data—operational time-series and asset context—for consumption by business intelligence platforms like Microsoft Power BI, Tableau, and Spotfire. It’s the kind of tool that sits at the OT/IT boundary, transforming raw industrial data into formats suitable for analytics and data lakes.
Organizations in critical manufacturing, energy, and other infrastructure sectors rely on it daily. Because it operates in environments where uptime is paramount and data integrity is sacrosanct, any security weakness in PI Integrator is a potential disaster waiting to happen.
Two Vulnerabilities, Multiple Pathways to Compromise
The CISA advisory details two distinct but interrelated vulnerabilities:
CVE-2025-54460: Unrestricted Upload of Dangerous Files
This flaw stems from how PI Integrator handles publication targets of type Text File or HDFS. An authenticated user with privileges to create or access these targets can upload files without sufficient restriction on file type or output path. In practice, an attacker could write arbitrary files to directories under the product’s control.
If those output folders aren’t logically isolated from executable paths, or if downstream systems automatically process or execute files from those locations, the uploaded payloads become a direct route to code execution. The CVSS vector highlights low attack complexity and only low privileges required, meaning a compromised low-level account could be enough to exploit this.
CVE-2025-41415: Insertion of Sensitive Information into Sent Data
The second vulnerability allows an authenticated, privileged user to cause sensitive information to be included in PI Integrator output sent to publication targets. This could include configuration parameters, internal identifiers, and—most dangerously—credentials or tokens used to access downstream systems like HDFS, data lakes, or BI ingestion accounts.
With a CVSS v4 score of 7.1 and high confidentiality impact, this flaw essentially hands attackers the keys to other parts of the analytics pipeline. Pair it with CVE-2025-54460, and you have a blueprint for lateral movement and widespread compromise.
Real-World Attack Scenarios: How It Could Play Out
The forum analysis accompanying this advisory paints a grim picture of practical exploitation paths:
Scenario 1: Malicious File Upload to a Shared Execution Path
A low-privilege authenticated user creates a publication target that writes files to a directory also read and executed by a scheduled processing job—perhaps an import script or ETL task. The uploaded file contains a malicious script; when the downstream job runs, that script executes with the privileges of whatever user or service account the job runs under. This could lead to persistence, data manipulation, or further compromise.
Scenario 2: Credential Leakage via Published Output
A publication job configured to include extra metadata for troubleshooting inadvertently exposes stored backend credentials or tokens in exported files. An attacker who can access that output—by exploiting CVE-2025-41415—can harvest those credentials and connect directly to HDFS or the BI data store, exfiltrating or manipulating sensitive operational data.
Scenario 3: The One-Two Punch
The most dangerous path combines both vulnerabilities. First, CVE-2025-41415 is used to obtain credentials for an HDFS cluster. Those credentials then allow the attacker to place a malicious script in a location where a weakly configured ingestion job picks it up and executes it, thanks to CVE-2025-54460. The result: full compromise of the analytics infrastructure and a potential bridge back into the OT network.
Who Discovered the Flaws and What’s the Fix?
The vulnerabilities were reported by Maxime Escourbiac of the Michelin CERT and Adam Bertrand of Abicom for Michelin CERT. AVEVA worked with CISA to coordinate disclosure, resulting in the August 12 advisory.
The primary remediation is straightforward: upgrade to PI Integrator for Business Analytics 2020 R2 SP2 or later. That version fully addresses both issues. AVEVA has made the update available through its customer portal, and CISA’s advisory includes a direct link.
But for organizations that can’t patch immediately—a common reality in OT environments where change management processes are rigorous—AVEVA and CISA offer a set of defensive measures that can materially reduce risk.
Hardening Beyond the Patch: Configuration and Network Defenses
Even with the patch applied, defense-in-depth remains critical. The advisory and the community analysis recommend several immediate steps:
- Permissions Audit: Restrict privileges to create or modify publication targets to only trusted users. Remove unnecessary access to Text File and HDFS targets.
- Restrict Output File Extensions and Paths: Configure publication targets to disallow potentially dangerous file extensions and ensure output folders are isolated from system or executable paths. For HDFS, tighten namespace ACLs and minimize privileges for ingesting services.
- Application Allowlisting: Use Windows Defender Application Control (WDAC) or a similar solution to block execution of unauthorized binaries in sensitive folders. This is especially relevant on Windows Server hosts where PI Integrator runs.
- Network Segmentation: CISA strongly recommends minimizing network exposure for control system devices, locating them behind firewalls, and isolating OT networks from the business network. When remote access is required, use VPNs—but keep them patched and understand their limitations.
- Monitoring and Alerting: Increase logging around publication-target activity, file writes, and downstream processing. Correlate with authentication telemetry to spot anomalies.
- Credential Rotation: If there’s any chance sensitive credentials were exposed, rotate them immediately and audit downstream access logs for unusual activity.
These steps are not just optional—they form a layered defense that can thwart exploitation even if a patch is delayed.
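The following Python audit is an added illustration of three of the items above (restricting output paths and extensions, monitoring file writes, and checking published output for leaked credentials); it is example code written for this article, not code from AVEVA, CISA, or Michelin CERT. It takes file-create records shaped like Sysmon Event ID 11 (FileCreate, a real event whose TargetFilename and Image fields are used here in simplified dict form), compares them against an approved output folder and known execution paths, and scans a published text file for credential-like strings. Every directory, process path, and sample record below is constructed for the example; substitute the publication-target folders and ETL paths actually configured on the host.

```python
"""Audit publication-target output on a PI Integrator host (added example).
Checks: dangerous extensions, writes outside approved output roots, writes
into execution paths, and credential-like strings in published output."""
import re
from pathlib import PureWindowsPath

# Extensions a downstream job or the OS might execute; align with site policy.
DANGEROUS_EXTENSIONS = {".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta", ".py"}

# Output folders declared on Text File publication targets (constructed paths).
APPROVED_OUTPUT_ROOTS = [PureWindowsPath(r"D:\PIIntegrator\Output")]

# Folders a scheduled import/ETL job reads and executes from (constructed paths).
EXECUTION_ROOTS = [PureWindowsPath(r"D:\ETL\Scripts"), PureWindowsPath(r"C:\Windows")]

# Patterns suggesting a secret was written into published output. Each has one
# capture group naming the keyword so findings can be reported without the value.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+"),
    re.compile(r"(?i)\b(api[_-]?key|token|secret)\s*[=:]\s*\S+"),
    re.compile(r"(?i)\b(AccountKey)=[A-Za-z0-9+/=]{20,}"),
]

# Constructed Sysmon Event ID 11 style records (process path is a placeholder).
SAMPLE_EVENTS = [
    {"Image": r"C:\Vendor\PIIntegrator\PIIntegrator.exe",
     "TargetFilename": r"D:\PIIntegrator\Output\boiler_temps_2025-08-12.csv"},
    {"Image": r"C:\Vendor\PIIntegrator\PIIntegrator.exe",
     "TargetFilename": r"D:\ETL\Scripts\import_hook.ps1"},
]

# Constructed published output with a troubleshooting line that leaks a password.
SAMPLE_OUTPUT = """timestamp,tag,value
2025-08-12T10:00:00Z,Boiler1.Temp,412.5
# debug metadata: hdfs_target=hdfs://lake01:8020/pi, password=Sup3rS3cret!
"""


def _under(path, roots):
    """True if path equals one of roots or sits anywhere beneath it."""
    return any(root == path or root in path.parents for root in roots)


def check_file_event(event):
    """Evaluate one FileCreate record; return a list of findings (empty = clean)."""
    path = PureWindowsPath(event["TargetFilename"])
    findings = []
    if path.suffix.lower() in DANGEROUS_EXTENSIONS:
        findings.append(f"dangerous extension {path.suffix} written by {event['Image']}")
    if not _under(path, APPROVED_OUTPUT_ROOTS):
        findings.append(f"write outside approved output roots: {path}")
    if _under(path, EXECUTION_ROOTS):
        findings.append(f"write into an execution path: {path}")
    return findings


def scan_output_for_secrets(text):
    """Return (line_number, keyword) pairs for credential-like content.
    Only the keyword is reported, so the finding itself never repeats the secret."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pat in SECRET_PATTERNS:
            m = pat.search(line)
            if m:
                hits.append((lineno, m.group(1).lower()))
    return hits


def audit(events=SAMPLE_EVENTS, output_text=SAMPLE_OUTPUT):
    """Run both checks and return a report dict keyed by finding type."""
    file_findings = {}
    for e in events:
        f = check_file_event(e)
        if f:
            file_findings[e["TargetFilename"]] = f
    return {"file_findings": file_findings,
            "secret_hits": scan_output_for_secrets(output_text)}


if __name__ == "__main__":
    report = audit()
    for path, findings in report["file_findings"].items():
        for finding in findings:
            print(f"[file] {path}: {finding}")
    for lineno, keyword in report["secret_hits"]:
        print(f"[secret] line {lineno}: {keyword} present in published output; rotate it")
```

A secret hit is the trigger for the credential-rotation step above: the finding names the keyword and line, not the value, so the alert itself does not become a second copy of the credential. In a real deployment the events would come from the Sysmon or Windows event channel rather than the inline list, and the root lists would be generated from the configured publication targets.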
Why Critical Infrastructure Operators Need to Act Fast
PI Integrator sits at a sensitive junction. It transforms raw operational data—temperatures, pressures, production counts—into business intelligence. An attacker who can manipulate outputs or execute code in that pipeline can cause operational disruption, data loss, or even affect safety. In sectors like critical manufacturing, the business and regulatory consequences of a breach can be severe.
Moreover, the “authenticated user” requirement for these flaws is hardly a barrier. Phishing, credential theft, and lateral movement are rampant in enterprise environments. Many OT networks have service accounts that, if compromised, would supply the low privileges needed for exploitation.
The Bigger Picture: ICS Security Under Fire
These AVEVA vulnerabilities are emblematic of a broader challenge in industrial cybersecurity: the convergence of IT and OT expands the attack surface, and products like PI Integrator become prime targets. The advisory’s mention of CWE-434 (unrestricted upload) and CWE-201 (information leakage) highlights classic web-application issues lurking in industrial software—a reminder that ICS/OT software often lags behind traditional IT in secure coding practices.
CISA’s involvement underscores the national security dimension. The agency hasn’t reported any active exploitation of these CVEs yet, but the potential for harm is clear. Organizations that delay patching are playing with fire.
What Windows Administrators Should Know
For Windows news enthusiasts, the takeaway is clear: if your organization runs PI Integrator on Windows Server, you have several native tools at your disposal. WDAC, backed by Microsoft’s security baseline recommendations, can harden the system against unauthorized executables. Windows Event Logging and Sysmon can provide the telemetry needed to detect exploitation attempts.
Microsoft’s own documentation on application control, cited in the advisory, is a vital resource. Administrators should review and implement WDAC policies, especially on servers that handle sensitive data outputs.
Final Assessment: Patch First, Harden Now, Monitor Always
The AVEVA PI Integrator disclosures combine authenticated but remotely exploitable attack vectors with realistic pathways to code execution and data theft. The vendor update to version 2020 R2 SP2 is the most direct fix and should be prioritized for production, test, and staging environments. But in ICS environments where change is slow, the configuration and network mitigations can buy you time.
Operators should treat these CVEs as high-priority risks. The combination of vendor patching, permission hardening, file-path isolation, and allowlisting forms a practical layered defense that materially reduces exploitation risk. The real work is operational: inventory your instances, understand your publication targets, and harden the surrounding data pipelines so that a single misconfiguration cannot be leveraged into broad compromise.
For those who depend on PI Integrator to feed operational data into business systems, this is not a drill. Patch, harden, and monitor—because the next alert could be the one that signals an active intrusion.