CVE-2025-58078 HIGH

CVE-2025-58078: AutomationDirect Productivity Suite Relative Path Traversal

Vendor Automationdirect

Product Productivity Suite

Weakness CWE-23

Published October 23, 2025

Last update October 24, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L

What the vulnerability does

01Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.

Key dates

02Disclosure timeline

October 23, 2025 CVE published

October 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-58078

Related vulnerabilities

Identifiers

CVE CVE-2025-58078

CWE CWE-23

CVSS 8.3 / HIGH

Affected versions

Vendor Automationdirect

Product Productivity Suite

Affected ≤ SW V4.2.1.9

Vendor Automationdirect

Product Productivity 3000 P3-622 CPU

Affected ≤ SW V4.2.1.9

Vendor Automationdirect

Product Productivity 3000 P3-550E CPU

Affected ≤ SW V4.2.1.9

Vendor Automationdirect

Product Productivity 3000 P3-530 CPU

Affected ≤ SW v4.4.1.19

Vendor Automationdirect

Product Productivity 2000 P2-622 CPU

Affected ≤ SW v4.4.1.19

Vendor Automationdirect

Product Productivity 2000 P2-550 CPU

Affected ≤ SW v4.4.1.19

Vendor Automationdirect

Product Productivity 1000 P1-550 CPU

Affected ≤ SW v4.4.1.19

Vendor Automationdirect

Product Productivity 1000 P1-540 CPU

Affected < SW v4.4.1.19

CVE-2025-58078: AutomationDirect Productivity Suite Relative Path Traversal

01Description

02Disclosure timeline

03References

04Related CVE