CVE-2025-11044 | THREATINT

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.

PUBLISHED Reserved 2025-09-26 | Published 2026-01-19 | Updated 2026-01-19 | Assigner ABB

HIGH: 8.9CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

MEDIUM: 6.8CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

4 (custom) before R4.93

affected

6 (custom) before 6.5

affected

References

www.br-automation.com/fileadmin/SA25P005-26597bd0.pdf

cve.org (CVE-2025-11044)

nvd.nist.gov (CVE-2025-11044)

Download JSON