Trust Center

If you noticed Ignition CVE-2025-13911, you're probably wondering what this means for you.

The default Ignition installation on Windows grants greater operating system permissions than is needed in most cases. An Ignition administrator importing malicious project resources could lead to a system level compromise or other significant effects.

This Tech Advisory contains more information. Steps #1-#3 correct the issue. The Ignition Security Hardening Guide has been updated with “Appendix A - Restrict the Ignition Service Security” with additional recommendations.

Feel free to reach out to Inductive Automation if you have any additional questions.

Inductive Automation has verified that CVE‑2025‑55182 (critical React server components vulnerability) does not impact Ignition software, including transitive dependencies. All versions of Ignition and supporting infrastructure are confirmed to be secure.

The IA Security and Trust Portal content has been recently updated to proactively share information. This includes badges for ISO 9001 (Quality) and IEC 62443 (Secure Software Development) certification with downloadable pdf certificates. ISO 27001 (Information Security) and ISO 14001 (Environmental Management) work is underway, with a downloadable letter of commitment for certification in 2026 from our consultant. A 21 CFR Part 11 badge includes an informational guide for using Ignition in pharmaceutical, Life Sciences, or regulated spaces.

Please contact security@inductiveautomation.com with portal update requests.

Ignition customers who are currently using the internal Ignition Identity Provider backed by a user source containing users with RFID badges set are recommended to upgrade to >=8.1.44 due to a remediated vulnerability, assessed with a CVSS v3 score of 8.0, that is exploitable under specific configuration and conditions. The issue was discovered internally. There is no indication of prior public knowledge or exploits