Two critical command injection flaws (CVE-2025-20014, CVE-2025-20061) in mySCADA myPRO could allow attackers to execute arbitrary commands, risking operational disruptions and financial losses. Patched in mySCADA PRO Manager 1.3 and PRO Runtime 9.2.1, organizations should update, isolate SCADA systems, enforce strong authentication, and monitor for threats.

‍