CVE-2025-53187
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-04
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Due to a configuration issue, code that was intended for debugging purposes was included in the market release of the ASPECT FW, allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abb | aspect_fw | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Control of Generation of Code, also known as a Code Injection vulnerability, found in ABB ASPECT software versions before 3.08.04-s01. It allows an attacker to inject malicious code due to insufficient controls on code generation.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized code execution, potentially allowing attackers to compromise the affected system's confidentiality, integrity, and availability. It may result in system manipulation, data breaches, or service disruptions.