
CVE-2025-58429: CWE-23 in AutomationDirect Productivity Suite

Severity: High
Type: Vulnerability
Tags: CVE-2025-58429, cve, cve-2025-58429, cwe-23
Published: Thu Oct 23 2025 (10/23/2025, 22:12:13 UTC)
Source: CVE Database V5
Vendor/Project: AutomationDirect
Product: Productivity Suite

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

AI-Powered Analysis

Last updated: 10/31/2025, 06:50:48 UTC

Technical Analysis

CVE-2025-58429 is a relative path traversal vulnerability classified under CWE-23, discovered in AutomationDirect's Productivity Suite software version 4.4.1.19. It allows an unauthenticated remote attacker to use the ProductivityService PLC simulator component to delete arbitrary files on the target machine. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), with low attack complexity (AC:L). The impact falls mainly on availability, with a lesser effect on integrity (VA:H, VI:L): attackers can remove critical files, potentially disrupting industrial control processes. The scope is limited to the affected Productivity Suite installations but can have significant operational consequences. No patches or known exploits are currently available, increasing the urgency for defensive measures. The vulnerability was publicly disclosed on October 23, 2025, and assigned a CVSS 4.0 base score of 8.3, indicating high severity. The lack of authentication and ease of exploitation make this a critical concern for industrial environments relying on AutomationDirect's PLC simulation software.

Potential Impact

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a significant risk. Exploitation can lead to deletion of essential files, causing disruption or downtime in production lines and control systems. This can result in financial losses, safety hazards, and potential regulatory non-compliance under frameworks like NIS2 and GDPR if operational disruptions affect personal data processing or critical services. The unauthenticated nature of the exploit increases the attack surface, allowing external threat actors or insiders with network access to cause damage without needing credentials. The impact extends beyond confidentiality to integrity and availability, potentially halting industrial processes and affecting supply chains. European organizations with interconnected OT and IT environments may face cascading effects, amplifying operational risks.

Mitigation Recommendations

1. Immediately restrict network access to the ProductivityService PLC simulator by implementing strict firewall rules and network segmentation, isolating it from untrusted networks and the internet.
2. Employ intrusion detection and prevention systems (IDS/IPS) tuned to detect unusual file deletion or path traversal attempts targeting the Productivity Suite.
3. Monitor system logs and file integrity to identify unauthorized deletions promptly.
4. Apply the principle of least privilege on systems running Productivity Suite, ensuring that the service operates with minimal permissions to limit file deletion scope.
5. Engage with AutomationDirect for updates or patches and apply them as soon as they become available.
6. Conduct security awareness and incident response drills focused on OT environments to prepare for potential exploitation scenarios.
7. Consider deploying application-layer gateways or proxies that can validate and sanitize requests to the ProductivityService to prevent path traversal payloads.
8. Regularly back up critical configuration and operational files to enable rapid recovery in case of file deletion.
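
The request validation in item 7 comes down to a containment check before any delete. The sketch below is an added example, not AutomationDirect's code and not taken from the advisory; the ProductivityService request format is not described on this page, so the directory layout, function names and sample inputs are all assumptions.

```python
import tempfile
from pathlib import Path


class TraversalRejected(ValueError):
    """Raised when a requested name resolves outside the allowed directory."""


def resolve_inside(base_dir, requested):
    """Return the canonical path for `requested`, or raise if it escapes base_dir."""
    base = Path(base_dir).resolve()
    # Treat "\" as a separator too, so Windows-style input is checked on any OS.
    normalized = requested.replace("\\", "/")
    if normalized.startswith("/") or normalized[1:2] == ":":
        raise TraversalRejected("absolute path: %r" % requested)
    # resolve() collapses ".." and follows symlinks before the containment test.
    target = (base / normalized).resolve()
    if base not in target.parents:
        raise TraversalRejected("escapes base directory: %r" % requested)
    return target


def safe_delete(base_dir, requested):
    """Delete a file only if its canonical path lies under base_dir."""
    target = resolve_inside(base_dir, requested)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo():
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        project = Path(root, "projects")      # hypothetical allowed directory
        project.mkdir()
        Path(project, "sim.tmp").write_text("scratch")
        outside = Path(root, "critical.cfg")  # stands in for a file that must survive
        outside.write_text("keep")
        cases = [("plain", "sim.tmp"), ("dotdot", "../critical.cfg"),
                 ("nested", "sub/../../critical.cfg"),
                 ("backslash", "..\\critical.cfg"), ("absolute", str(outside))]
        for label, name in cases:
            try:
                results[label] = safe_delete(project, name)
            except TraversalRejected:
                results[label] = "rejected"
        results["outside_survived"] = outside.exists()
    return results
```

The check and the unlink are separate steps, so the allowed directory itself must not be writable by untrusted parties.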


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-10-21T21:55:11.881Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68faac5550358b89bd740d04

Added to database: 10/23/2025, 10:29:41 PM

Last enriched: 10/31/2025, 6:50:48 AM

Last updated: 12/13/2025, 6:31:15 AM
