What is the severity of CVE-2025-24865?

CVE-2025-24865 is considered a significant security vulnerability due to the ability for unauthorized access to sensitive information.

How do I fix CVE-2025-24865?

To fix CVE-2025-24865, ensure that authentication is enabled for the administrative web interface of mySCADA myPRO Manager.

What versions of mySCADA myPRO Manager are affected by CVE-2025-24865?

CVE-2025-24865 affects all versions of mySCADA myPRO Manager prior to 1.4.

What could an attacker do if they exploit CVE-2025-24865?

An attacker could retrieve sensitive information and potentially upload files without authentication if they exploit CVE-2025-24865.

How can I secure mySCADA myPRO Manager against CVE-2025-24865?

Securing mySCADA myPRO Manager against CVE-2025-24865 involves configuring proper access controls and ensuring that the administrative interface requires authentication.

Vulnerability/
CVE-2025-24865

critical

CWE

306

EPSS

0.045%

13/2/2025

14/2/2025

CVE-2025-24865: mySCADA myPRO Manager Missing Authentication for Critical Function

First published: Thu Feb 13 2025(Updated: )

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
mySCADA myPRO Manager	<1.4	1.4

Remedy

mySCADA recommends users update to myPRO Manager v1.4 https://www.myscada.org/downloads/mySCADAPROManager/

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-25-044-16

Frequently Asked Questions

What is the severity of CVE-2025-24865?
CVE-2025-24865 is considered a significant security vulnerability due to the ability for unauthorized access to sensitive information.
How do I fix CVE-2025-24865?
To fix CVE-2025-24865, ensure that authentication is enabled for the administrative web interface of mySCADA myPRO Manager.
What versions of mySCADA myPRO Manager are affected by CVE-2025-24865?
CVE-2025-24865 affects all versions of mySCADA myPRO Manager prior to 1.4.
What could an attacker do if they exploit CVE-2025-24865?
An attacker could retrieve sensitive information and potentially upload files without authentication if they exploit CVE-2025-24865.
How can I secure mySCADA myPRO Manager against CVE-2025-24865?
Securing mySCADA myPRO Manager against CVE-2025-24865 involves configuring proper access controls and ensuring that the administrative interface requires authentication.

collector/nvd-api
source/NVD
agent/weakness
agent/references
agent/author
agent/description
agent/type
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/severity
agent/remedy
agent/source
agent/first-publish-date
agent/tags
agent/event
vendor/: myscada
canonical/myscada mypro manager

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.