CVE-2025-61934 CRITICAL

CVE-2025-61934: AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327

Vendor Automationdirect
Product Productivity Suite
Weakness CWE-1327
Published October 23, 2025
Last update October 24, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine

Key dates

02Disclosure timeline

October 23, 2025 CVE published
October 24, 2025 Record updated