{"cve":{"cve_id":"CVE-2025-60023","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00465,"epss_percentile":0.36714,"epss_as_of":"2026-06-23","description":"A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.","published_at":"2025-10-23T22:21:05.084000Z","last_modified_at":null,"cvss_v3_score":4.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":6.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-23"],"nvd_references":["https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01","https://www.automationdirect.com/support/software-downloads","https://support.automationdirect.com/docs/securityconsiderations.pdf","https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:53.430913Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-1000-p1-540-cpu","product_name":"Productivity 1000 P1-540 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW v4.4.1.19","version_end_inclusive":false,"cpe23_uri":"cve5:automationdirect:productivity-1000-p1-540-cpu:0:SW v4.4.1.19"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-1000-p1-550-cpu","product_name":"Productivity 1000 P1-550 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW v4.4.1.19","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-1000-p1-550-cpu:0:SW v4.4.1.19"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-2000-p2-550-cpu","product_name":"Productivity 2000 P2-550 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW v4.4.1.19","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-2000-p2-550-cpu:0:SW v4.4.1.19"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-2000-p2-622-cpu","product_name":"Productivity 2000 P2-622 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW v4.4.1.19","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-2000-p2-622-cpu:0:SW v4.4.1.19"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-3000-p3-530-cpu","product_name":"Productivity 3000 P3-530 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW v4.4.1.19","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-3000-p3-530-cpu:0:SW v4.4.1.19"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-3000-p3-550e-cpu","product_name":"Productivity 3000 P3-550E CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW V4.2.1.9","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-3000-p3-550e-cpu:0:SW V4.2.1.9"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-3000-p3-622-cpu","product_name":"Productivity 3000 P3-622 CPU","version_start":"0","version_start_inclusive":true,"version_end":"SW V4.2.1.9","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-3000-p3-622-cpu:0:SW V4.2.1.9"},{"vendor_slug":"automationdirect","vendor_name":"AutomationDirect","product_slug":"productivity-suite","product_name":"Productivity Suite","version_start":"0","version_start_inclusive":true,"version_end":"SW V4.2.1.9","version_end_inclusive":true,"cpe23_uri":"cve5:automationdirect:productivity-suite:0:SW V4.2.1.9"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://www.automationdirect.com/support/software-downloads","source_type":"MISC","tags":[]},{"url":"https://support.automationdirect.com/docs/securityconsiderations.pdf","source_type":"MISC","tags":[]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-10-23T22:21:05.084000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:34.338798Z","label":"CVSS score revised","source":"cvelistv5"}]}