CVE-2025-8386 – AVEVA Application Server IDE Basic Cross-site Scripting

CVE ID : CVE-2025-8386

Published : Nov. 15, 2025, 12:15 a.m. | 46 minutes ago

Description : The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of “aaConfigTools”) to tamper with App Objects’ help
files and persist a cross-site scripting (XSS) injection that when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…