Vulnerability Description
A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scada-Lts | Scada-Lts | 2.7.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/%20CVE-2025-9139.mdBroken Link
- https://vuldb.com/?ctiid.320519Permissions RequiredVDB Entry
- https://vuldb.com/?id.320519Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.621062Third Party AdvisoryVDB Entry
- https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20InformBroken Link
- https://vuldb.com/?submit.621062Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9139?
CVE-2025-9139 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation ...
How severe is CVE-2025-9139?
CVE-2025-9139 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9139?
Check the references section above for vendor advisories and patch information. Affected products include: Scada-Lts Scada-Lts.