CVE-2025-13913
Published 2026-03-12
CVE-2025-13913: A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.
Priority P433 · medium · 6.8 (CVSS 3.1)
AV:A / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.34% (26.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductive_automation | ignition_software | < 8.3.0 | 8.3.0 |
| inductiveautomation | ignition | < 8.3.0 | 8.3.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.4 | MEDIUM | CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Inductive Automation Ignition Software
cisa_ics·2026-03-12·CVSS 6.3
[MEDIUM] Inductive Automation Ignition Software
ICS Advisory
## Inductive Automation Ignition Software
Release Date: March 12, 2026
Alert Code: ICSA-26-071-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could allow an attacker to execute malicious code, with OS application service account permissions, that the authenticated, privileged application user did not intend to run.
The following versions of Inductive Automation Ignition Software are affected:
- Ignition Software <8.3.0 (CVE-2025-13913)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.3 | Inductive Automation | Inductive Automation Ignition Software | Deserialization of Untrusted Data |
## Background
- Critical Infrastructure Sectors: Informa
GHSA
GHSA-439v-7mv7-5p44: Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "fo
ghsa_unreviewed·2026-03-12
CVE-2025-13913 [MEDIUM] CWE-502 GHSA-439v-7mv7-5p44: Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "fo
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.
No detection rules found.
No public exploits indexed.
Published: 2026-03-12