Home / Security updates / CVE-2025-13913 (Ignition file import)
CVE-2025-13913 (Ignition file import)
Security updates detail rendered from /security-updates/upd_291964283f25be04.
Overview
| ID | upd_291964283f25be04 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Inductive Automation |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_291964283f25be04 |
| providerId | safebase |
| organizationId | org_c33cee22406d8250 |
| trustCenterId | tc_f9bb528a92c3549a |
| title | CVE-2025-13913 (Ignition file import) |
| message | Ignition software versions **prior to 8.3.0** are affected by **[CVE‑2025‑13913](https://www.cve.org/cverecord?id=CVE-2025-13913)**. A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. This issue was responsibly reported by security researchers at Meta. No exploits are known to exist in the wild. Following the guidance in *Appendix A – Restrict the Ignition Service Security* of the [Ignition Security Hardening Guide](https://inductiveautomation.com/resources/article/ignition-security-hardening-guide) is considered best practice and reduces the risk of exploitation by limiting the privileges available to the Ignition service. Clarification: Early public descriptions of CVE‑2025‑13913 incorrectly stated that “Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the ‘forgot password’ recovery emai |
| url | - |
| publishedAt | 2026-03-17 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_c33cee22406d8250",
"name": "Inductive Automation",
"domains": [
"security.inductiveautomation.com",
"inductiveautomation.com"
]
} |
| trust_center | {
"id": "tc_f9bb528a92c3549a",
"name": "Inductive Automation",
"url": "https://security.inductiveautomation.com",
"host": "security.inductiveautomation.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_291964283f25be04",
"company": "/v1/companies/org_c33cee22406d8250",
"trust_center": "/v1/trust-centers/tc_f9bb528a92c3549a",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_291964283f25be04JSON