CVE-2025-61943
- Source
- https://cve.org/CVERecord?id=CVE-2025-61943
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61943.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-61943
- Published
- 2026-01-16T02:16:45.093Z
- Modified
- 2026-03-15T14:53:16.962016Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
- References
-
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea