AVEVA Edge cryptographic weakness enables password recovery
🔒 AVEVA has released advisory ICSA-25-317-03 addressing a cryptographic weakness in AVEVA Edge (formerly InduSoft Web Studio) that could allow a local actor with read access to project or offline cache files to brute-force user or Active Directory passwords. The issue is tracked as CVE-2025-9317 and carries a CVSS v4 base score of 8.3. AVEVA provides a 2023 R2 P01 Security Update and recommends project migration, password resets, and tightened file access controls. This vulnerability is not remotely exploitable according to CISA.
