
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Standard User) to tamper with queries in Captive
Historian and a…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 03:02:30

Source:

nvd.nist.gov


Critical Infrastructure, Database & Storage

CVE-2025-61943 is a high-severity SQL injection vulnerability in AVEVA's Captive Historian component. The vulnerability allows authenticated users with Process Optimization Standard User privileges to tamper with SQL queries and achieve code execution under SQL Server administrative privileges. Exploitation could lead to complete compromise of the SQL Server instance. The vulnerability affects industrial control systems and operational technology environments. Multiple advisory sources including CISA ICS advisories and AVEVA security updates provide remediation guidance.

Technical details

Mitigation steps:

Affected products:

Captive Historian
SQL Server

Related links:

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
