CVE-2025-61934
Published: 23 October 2025
Description
Adversaries may delete files left behind by the actions of their intrusion activity.
Security Summary
CVE-2025-61934 is a binding to an unrestricted IP address vulnerability (CWE-1327) discovered in Productivity Suite software version v4.4.1.19, specifically affecting the ProductivityService PLC simulator. Published on 2025-10-23T22:15:48.710, it carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low complexity, no privileges or user interaction required, and scope change.
An unauthenticated remote attacker can exploit this vulnerability over the network to interact directly with the ProductivityService PLC simulator, enabling read, write, or delete access to arbitrary files and folders on the target machine. This grants comprehensive file system manipulation, potentially leading to full system compromise, data exfiltration, persistence, or disruption of industrial control operations.
Mitigation details are outlined in related advisories, including CISA ICSA-25-296-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01 and https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json), AutomationDirect security considerations (https://support.automationdirect.com/docs/securityconsiderations.pdf), and software downloads (https://www.automationdirect.com/support/software-downloads). Practitioners should consult these for patching instructions and configuration guidance.
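The following is an added example, not code from the advisory or the vendor: a Python check that finds TCP listeners bound to the wildcard address (the CWE-1327 condition described above) in `netstat -ano`-style output and reports those owned by the simulator. The sample output, the port, the PIDs and the image name `ProductivityService.exe` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows `netstat -ano`; the ports and
# PIDs are placeholders, not values taken from the advisory.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:5040         0.0.0.0:0              LISTENING       1180
  TCP    [::]:9999              [::]:0                 LISTENING       4321
  TCP    192.168.10.25:3389     0.0.0.0:0              LISTENING       1020
  TCP    192.168.10.25:52011    192.168.10.80:443      ESTABLISHED     7744
"""
# Constructed PID-to-image map (e.g. built from `tasklist`); image name is assumed.
SAMPLE_PROCESSES = {4321: "ProductivityService.exe", 1180: "svchost.exe", 1020: "svchost.exe"}

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def classify_bind(addr: str) -> str:
    """Return 'wildcard' for 0.0.0.0 / ::, 'loopback', or 'specific'."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:
        return "wildcard"   # reachable on every interface of the host
    if ip.is_loopback:
        return "loopback"   # reachable only from the local machine
    return "specific"       # bound to one interface address

def parse_listeners(netstat_text):
    """Extract listening TCP sockets; non-listening rows are ignored."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            listeners.append({"addr": addr, "port": port, "pid": pid,
                              "scope": classify_bind(addr)})
    return listeners

def exposed_listeners(netstat_text, processes, name_fragment):
    """Listeners of the named process that are not confined to loopback."""
    findings = []
    for entry in parse_listeners(netstat_text):
        image = processes.get(entry["pid"], "unknown")
        if name_fragment.lower() in image.lower() and entry["scope"] != "loopback":
            findings.append((image, entry["addr"], entry["port"], entry["scope"]))
    return findings

if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_NETSTAT, SAMPLE_PROCESSES, "ProductivityService"):
        print("%s listens on %s:%d (%s bind)" % f)
```

A finding with scope `wildcard` or `specific` means the service is reachable from other hosts unless a host firewall or network segmentation blocks the port.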
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in a public-facing ProductivityService allows unauthenticated remote arbitrary file read/write/delete, directly enabling initial access via public-facing app exploitation (T1190), local data collection (T1005), file discovery (T1083), and file deletion for evasion (T1070.004).