CVE-2025-9317 is a vulnerability identified in AVEVA Edge, a software product widely used in industrial automation and operational technology environments. The vulnerability is classified under CWE-327, which pertains to the use of weak cryptographic hashes. Specifically, the issue arises because Edge Project files and Edge Offline Cache files store user credentials—both app-native and Active Directory passwords—in a manner that allows an attacker with read access to these files to perform computational brute-force attacks against the weak hashes. This means that if an attacker can obtain these files, they can reverse engineer the passwords by trying numerous guesses offline until the correct password hash is matched. The CVSS 3.1 score of 8.4 reflects a high severity, with the vector indicating low attack complexity, low privileges required, no user interaction, and a scope change due to the potential compromise of confidentiality and integrity of user credentials. The vulnerability does not directly impact system availability. No patches or fixes have been published at the time of disclosure, and there are no known exploits in the wild. The vulnerability poses a significant risk because compromised credentials could allow attackers to escalate privileges, move laterally within networks, or access sensitive industrial control systems. The root cause is the use of weak hashing algorithms that do not provide sufficient resistance against brute-force attacks, highlighting a cryptographic weakness in the product's credential storage mechanism.

For European organizations, especially those in critical infrastructure sectors such as manufacturing, energy, and utilities that rely on AVEVA Edge for industrial control and automation, this vulnerability presents a serious threat. Successful exploitation could lead to the compromise of user credentials, including Active Directory passwords, which are often used for broader network authentication. This could enable attackers to escalate privileges, conduct lateral movement, and potentially disrupt industrial processes or exfiltrate sensitive operational data. The confidentiality and integrity of user credentials are at high risk, which could undermine trust in operational technology environments. Given the interconnected nature of industrial systems in Europe and the increasing targeting of OT environments by threat actors, this vulnerability could facilitate advanced persistent threats (APTs) or insider attacks. The lack of a patch increases the window of exposure, and organizations with inadequate file access controls or weak password policies are particularly vulnerable. The impact is compounded by the potential for scope change, where a local read access vulnerability escalates to broader network compromise.

To mitigate this vulnerability, European organizations should immediately restrict access to Edge Project and Offline Cache files using strict file system permissions and network segmentation to limit read access only to authorized personnel and systems. Implement robust monitoring and alerting for any unauthorized access attempts to these files. Enforce strong password policies that require complex, high-entropy passwords to reduce the effectiveness of brute-force attacks against hashes. Where possible, apply multi-factor authentication (MFA) for accessing AVEVA Edge and related systems to reduce reliance on password security alone. Organizations should also engage with AVEVA for updates and patches and plan for timely deployment once available. Conduct regular audits of credential storage practices and consider additional encryption layers for sensitive files. Additionally, implement network segmentation and least privilege principles to limit the potential lateral movement of attackers who may gain credentials. Finally, educate OT and IT staff about the risks of credential exposure and the importance of securing project and cache files.