{"uuid": "bec238d2-a6da-4cff-83ea-87051fd8f8f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2745", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2745\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: A cross-site scripting vulnerability exists in AVEVA\u00a0PI Web API version 2023 \nSP1 and prior that, if exploited, could allow an authenticated attacker \n(with privileges to create/update annotations or upload media files) to \npersist arbitrary JavaScript code that will be executed by users who \nwere socially engineered to disable content security policy protections \nwhile rendering annotation attachments from within a web browser.\n\ud83d\udccf Published: 2025-06-12T19:42:27.001Z\n\ud83d\udccf Modified: 2025-06-12T20:09:34.976Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-08\n2. https://www.aveva.com/en/support-and-success/cyber-security-updates/", "creation_timestamp": "2025-06-12T20:34:15.000000Z"}