ICSA-25-175-06 · Published 2025-06-24 · View on CISA ICS-CERT ↗

Parsons AccuWeather widget

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to insert a malicious link that users might access through the RSS feed.

CVE-2025-5015

Parsons Utility Enterprise Data Management Customers - This vulnerability has been patched in all instances managed by Parsons as of January 7, 2025. No end-user action is required.
AclaraONE Hosted Customers – This vulnerability has been patched in all instances managed by Aclara as of February 7, 2025. No end-user action is required.
AclaraONE On Premise Customers - End-user action is required. A patch and mitigation information for AclaraOne is available through the Aclara Connect Customer Portal. If you prefer assistance, Aclara Support would be happy to help. Customers may request an appointment to apply the patch update by opening a ticket on the Aclara Connect Customer Portal, or by contacting us by phone or email. Requests will be processed in the order received.

Parsons

Parsons · Parsons Utility Enterprise Data Management 5.18

Parsons · Parsons Utility Enterprise Data Management 5.03

Parsons · Parsons Utility Enterprise Data Management >=4.02|<=4.26

Parsons · Parsons Utility Enterprise Data Management 3.30

Parsons · AclaraONE Utility Portal <1.22

Communications

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.