- What is the severity of CVE-2022-25250?
- CVE-2022-25250 has been scored as a high severity vulnerability.
- How to fix CVE-2022-25250?
- To fix CVE-2022-25250: PTC recommends the following: Upgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent. Configure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255 Provide a unique password in the AxedaDesktop.ini file for each unit. Never use ERemoteServer in production. Make sure to delete ERemoteServer file from host device. Remove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi When running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others. When running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255 Configure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255 PTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215 The Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required.
- Is CVE-2022-25250 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2022-25250 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2022-25250?
- CVE-2022-25250 affects PTC Axeda agent, PTC Axeda Desktop Server for Windows.