CVE- 2025-14988 is a critical 9.8 vulnerability identified in ibaPDA, a core data acquisition system used in industrial environments, with the flaw affecting ibaPDA version 8.12.0. The vulnerability allows unauthorized actors to tamper with the underlying file system, potentially compromising the confidentiality, integrity or availability of vital industrial data.
According to CISA, the advisory, the issue could enable unauthorized actions on the file system under certain conditions. iba Systems has advised users to update to ibaPDA v8.12.1 or a later version to close the security gap. For organisations unable to take systems offline, the advisory recommends several hardening measures, including enabling User Management and setting a password for the admin user.
It also urges restricting network access via the Server Access Manager to whitelist trusted IPs, and to disable the Windows Firewall port-autogeneration feature in favour of manually configured rules.