CVE-2025-3395 | THREATINT

Description

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.

PUBLISHED Reserved 2025-04-07 | Published 2025-04-30 | Updated 2025-04-30 | Assigner ABB

HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

HIGH: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

Any version

affected

Credits

ABB acknowledges and extends gratitude to Jiho Shin from Sungkyunkwan University for responsibly disclosing the vulnerability and providing valuable input on product improvements. finder

References

search.abb.com/...guageCode=en&DocumentPartId=&Action=Launch

cve.org (CVE-2025-3395)

nvd.nist.gov (CVE-2025-3395)

Download JSON