{"uuid": "15350d85-77d5-46ff-b985-598b1b2b0c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4417", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4417\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N)\n\ud83d\udd39 Description: A cross-site scripting vulnerability exists in \nAVEVA\u00a0PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages.\n\ud83d\udccf Published: 2025-06-12T19:32:32.628Z\n\ud83d\udccf Modified: 2025-06-12T19:57:09.559Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09\n2. https://www.aveva.com/en/support-and-success/cyber-security-updates/", "creation_timestamp": "2025-06-12T20:34:22.000000Z"}