CVE-2025-13911
Published 2025-12-18
Priority: P4 (32) · CVSS 3.1 base score 6.4 (medium)
CVSS 3.1 vector: AV:A / AC:H / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.22% (12.6th percentile)
The vulnerability affects Ignition SCADA applications where Python
scripting is utilized for automation purposes. The vulnerability arises
from the absence of proper security controls that restrict which Python
libraries can be imported and executed within the scripting environment.
The core issue lies in the Ignition service account having system
permissions beyond what an Ignition privileged user requires. When an
authenticated administrator uploads a malicious project file containing
Python scripts with bind shell capabilities, the application executes
these scripts with the same privileges as the Ignition Gateway process,
which typically runs with SYSTEM-level permissions on Windows.
Alternative code execution patterns could lead to similar results.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductive_automation | ignition | — | — |
| inductive_automation | ignition | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.4 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 7.3 | HIGH | CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-wmxh-4mgr-2w85 (CVE-2025-13911) · [HIGH] · CWE-250 · unreviewed · 2025-12-18
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes.
CISA ICS
Inductive Automation Ignition · cisa_ics · 2025-12-18 · CVSS 6.4 [MEDIUM]
ICS Advisory: Inductive Automation Ignition
Release Date: December 18, 2025
Alert Code: ICSA-25-352-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could allow an attacker to obtain SYSTEM-level code execution on the Windows host running the Ignition Gateway service.
The following versions of Inductive Automation Ignition are affected:
- Ignition (CVE-2025-13911)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.4 | Inductive Automation | Inductive Automation Ignition | Execution with Unnecessary Privileges |
## Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Information Technology
- Cou
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-12-18