CVE-2025-61977
Published: 2025-10-23
Priority: P3 · 34 · high
CVSS 3.1: 7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.13% (3.0th percentile)
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automationdirect | productivity_1000_p1-540_cpu | < SW v4.4.1.19 | SW v4.4.1.19 |
| automationdirect | productivity_1000_p1-550_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_2000_p2-550_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_2000_p2-622_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_3000_p3-530_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_3000_p3-550e_cpu | <= SW V4.2.1.9 | — |
| automationdirect | productivity_3000_p3-622_cpu | <= SW V4.2.1.9 | — |
| automationdirect | productivity_suite | <= SW V4.2.1.9 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.3 | HIGH | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-2fv7-mv57-whf5: A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4
ghsa_unreviewed·2025-10-24
CVE-2025-61977 [HIGH] CWE-640 GHSA-2fv7-mv57-whf5: A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4
CISA ICS
AutomationDirect Productivity Suite
cisa_ics·2025-10-23·CVSS 8.8
[HIGH] AutomationDirect Productivity Suite
ICS Advisory
## AutomationDirect Productivity Suite
Release Date: October 23, 2025
Alert Code: ICSA-25-296-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AutomationDirect
- Equipment: Productivity Suite
- Vulnerabilities: Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource, Binding to an Unrestricted IP Address
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary code, disclose information, gain full-control access to projects, or obtain read and write access
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.