CVE-2025-13913

Name of the Vulnerable Software and Affected Versions Inductive Automation Ignition (affected versions not specified)

Description An Ignition user importing a specially crafted external file can lead to the execution of embedded malicious code during deserialization. This can occur intentionally or unintentionally. The issue involves a crafted payload within the imported file. The API endpoint '/forgotpassword' may be exposed, potentially allowing remote modification. The vulnerable parameter is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.