CVE-2025-4417 (GCVE-0-2025-4417)

Vulnerability from cvelistv5 – Published: 2025-06-12 19:32 – Updated: 2025-06-12 19:57
VLAI?
Title
AVEVA PI Connector for CygNet Cross-site Scripting
Summary
A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit affected pages.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
CWE
Assigner
References
Impacted products
Vendor Product Version
AVEVA PI Connector for CygNet Affected: 0 , ≤ 1.6.14 (custom)
Create a notification for this product.
Credits
AVEVA reported these vulnerabilities to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-12T19:56:09.240198Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-12T19:57:09.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PI Connector for CygNet",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "1.6.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "AVEVA reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A cross-site scripting vulnerability exists in \nAVEVA\u0026nbsp;PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages."
            }
          ],
          "value": "A cross-site scripting vulnerability exists in \nAVEVA\u00a0PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T19:32:32.628Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09"
        },
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\u003cbr\u003e\u003c/p\u003e\nFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From  OSISoft Customer Portal https://my.osisoft.com/ , search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\n\n\n\nFor additional information please refer to  AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-162-09",
        "discovery": "INTERNAL"
      },
      "title": "AVEVA PI Connector for CygNet Cross-site Scripting",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure that PI Connector for CygNet administrative access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA further recommends users follow general defensive measures:\n\n\n\n  *  Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.\n\n  *  Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\n\n  *  Audit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\n\n\n\n\nFor additional information please refer to  AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \n\n."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-4417",
    "datePublished": "2025-06-12T19:32:32.628Z",
    "dateReserved": "2025-05-07T18:16:54.504Z",
    "dateUpdated": "2025-06-12T19:57:09.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-4417\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-06-12T20:15:21.760\",\"lastModified\":\"2025-06-16T12:32:18.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting vulnerability exists in \\nAVEVA\u00a0PI Connector for CygNet \\nVersions 1.6.14 and prior that, if exploited, could allow an \\nadministrator miscreant with local access to the connector admin portal \\nto persist arbitrary JavaScript code that will be executed by other \\nusers who visit affected pages.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de cross-site scripting en AVEVA PI Connector para CygNet versiones 1.6.14 y anteriores que, de ser explotada, podr\u00eda permitir que un administrador malintencionado con acceso local al portal de administraci\u00f3n del conector guarde c\u00f3digo JavaScript arbitrario que ser\u00e1 ejecutado por otros usuarios que visiten las p\u00e1ginas afectadas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4417\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-12T19:56:09.240198Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-12T19:56:11.392Z\"}}], \"cna\": {\"title\": \"AVEVA PI Connector for CygNet Cross-site Scripting\", \"source\": {\"advisory\": \"ICSA-25-162-09\", \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"AVEVA reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVEVA\", \"product\": \"PI Connector for CygNet\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.14\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"AVEVA recommends that organizations evaluate the impact of these \\nvulnerabilities based on their operational environment, architecture, \\nand product implementation. Users of affected product versions should \\napply security updates to mitigate the risk of exploit.\\n\\nAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From  OSISoft Customer Portal https://my.osisoft.com/ , search for \\\"PI Connector for CygNet\\\" and select Version 1.7.0 or higher.\\n\\n\\n\\n\\n\\nFor additional information please refer to  AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \\nvulnerabilities based on their operational environment, architecture, \\nand product implementation. Users of affected product versions should \\napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://my.osisoft.com/\\\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \\\"PI Connector for CygNet\\\" and select Version 1.7.0 or higher.\\n\\n\u003cbr\u003e\u003c/p\u003e\\nFor additional information please refer to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003eAVEVA-2025-002\u003c/a\u003e.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09\"}, {\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"AVEVA further recommends users follow general defensive measures:\\n\\n\\n\\n  *  Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.\\n\\n  *  Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\\n\\n  *  Audit and limit membership to the OS Local \\\"Administrators\\\" and \\\"PI Connector Administrators\\\" groups.\\n\\n\\n\\n\\nFor additional information please refer to  AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \\n\\n.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eEnsure that PI Connector for CygNet administrative access is only provided to trusted entities.\u003c/li\u003e\\n\u003cli\u003eAudit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\u003c/li\u003e\\n\u003cli\u003eAudit and limit membership to the OS Local \\\"Administrators\\\" and \\\"PI Connector Administrators\\\" groups.\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003cp\u003eFor additional information please refer to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003eAVEVA-2025-002\u003c/a\u003e\u003c/p\u003e.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cross-site scripting vulnerability exists in \\nAVEVA\\u00a0PI Connector for CygNet \\nVersions 1.6.14 and prior that, if exploited, could allow an \\nadministrator miscreant with local access to the connector admin portal \\nto persist arbitrary JavaScript code that will be executed by other \\nusers who visit affected pages.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A cross-site scripting vulnerability exists in \\nAVEVA\u0026nbsp;PI Connector for CygNet \\nVersions 1.6.14 and prior that, if exploited, could allow an \\nadministrator miscreant with local access to the connector admin portal \\nto persist arbitrary JavaScript code that will be executed by other \\nusers who visit affected pages.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-06-12T19:32:32.628Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-4417\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-12T19:57:09.559Z\", \"dateReserved\": \"2025-05-07T18:16:54.504Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-06-12T19:32:32.628Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.