CVE-2025-2745

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "tags": [], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-08", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-08", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A cross-site scripting vulnerability exists in AVEVA\u00a0PI Web API version 2023 \nSP1 and prior that, if exploited, could allow an authenticated attacker \n(with privileges to create/update annotations or upload media files) to \npersist arbitrary JavaScript code that will be executed by users who \nwere socially engineered to disable content security policy protections \nwhile rendering annotation attachments from within a web browser."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-2745", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {}, "publishedDate": "2025-06-12T20:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-12T20:15Z"}