
Description

Due to a configuration issue, code intended for debugging purposes was included in the market release of the ASPECT firmware, allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01.

PUBLISHED Reserved 2025-06-27 | Published 2025-08-11 | Updated 2025-09-04 | Assigner ABB




CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

Any version before 3.08.04-s01
affected

Credits

ABB acknowledges Gjoko Krstikj, Zero Science Lab, for reporting vulnerabilities in responsible disclosure. (finder)

References

search.abb.com/...geCode=en&DocumentPartId=pdf&Action=Launch

cve.org (CVE-2025-53187)

nvd.nist.gov (CVE-2025-53187)
