www.cisa.gov 3/12/2026, 4:11:17 PM

Inductive Automation Ignition Software

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

According to CISA, a vulnerability in Inductive Automation Ignition Software could allow an attacker to execute malicious code with OS application service account permissions due to deserialization of untrusted data. The affected product is Inductive Automation Ignition Software in versions older than 8.3.0. The vulnerability is tracked as CVE-2025-13913 and carries a CVSS v3.1 base score of 6.3.

The advisory states that a privileged Ignition user could import an external file with a crafted payload to trigger the embedded code during deserialization. Mitigations include upgrading Ignition software from 8.1.x or 8.2.x to 8.3.0 or greater, along with applying the hardening measures recommended in the Ignition Security Hardening Guide. The advisory also notes that no known public exploitation has been reported and that the vulnerability is not exploitable remotely. The advisory release date is 12 March 2026.


Article by CyberSIXT