CVE-2025-62498

Description

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

CVSS breakdown

Affected products

• AutomationDirect / Productivity 1000 P1-540 CPU0 – SW v4.4.1.19
• AutomationDirect / Productivity 1000 P1-550 CPU0 – SW v4.4.1.19
• AutomationDirect / Productivity 2000 P2-550 CPU0 – SW v4.4.1.19
• AutomationDirect / Productivity 2000 P2-622 CPU0 – SW v4.4.1.19
• AutomationDirect / Productivity 3000 P3-530 CPU0 – SW v4.4.1.19
• AutomationDirect / Productivity 3000 P3-550E CPU0 – SW V4.2.1.9
• AutomationDirect / Productivity 3000 P3-622 CPU0 – SW V4.2.1.9
• AutomationDirect / Productivity Suite0 – SW V4.2.1.9

References

• VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
• MISChttps://www.automationdirect.com/support/software-downloads
• MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json