CVE-2025-61934CRITICAL 10.0EPSS p41.8%

CVE-2025-61934CVE-2025-61934

Description

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.55% probability of exploitation · percentile 41.8% · 2026-06-18T12:00:27Z
Published2025-10-23
Last modified2026-04-15

Underlying weaknesses· 1

CWE-1327

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
  2. https://support.automationdirect.com/docs/securityconsiderations.pdf
  3. https://www.automationdirect.com/support/software-downloads
  4. https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

1

TypeTargetConfidenceTier
WeaknessBinding to an Unrestricted IP Addresscwe-13270%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-62498
CVE
CVE-2025-48466
CVE
CVE-2025-41709
CVE
CVE-2026-25293
CVE
CVE-2025-40943
CVE
CVE-2026-24790
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.