CVE-2025-13162
Awaiting Analysis Awaiting Analysis - Queue

Uncontrolled Search Path Element in ABB Control Builder A and 800xA for Advant Master

Vulnerability report for CVE-2025-13162, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-25

Assigner: Asea Brown Boveri Ltd. (ABB)

Description

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-25
Generated
2026-07-14
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
abb control_builder_a to 1.4/4 (exc)
abb 800xa_for_advant_master to 6.1.1-3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Uncontrolled Search Path Element issue found in ABB Control Builder A and ABB 800xA for Advant Master software. It affects versions of Control Builder A up to 1.4/4 and versions of 800xA for Advant Master up to 6.2.0-1. An uncontrolled search path element vulnerability typically means that the software improperly handles the paths it searches for resources or executables, which can lead to the execution of unintended or malicious code.

Impact Analysis

The vulnerability has a moderate severity score (CVSS v3.1 base score of 4.4) and involves a local attacker with low privileges who requires user interaction to exploit it. The impact is primarily on the integrity of the system, meaning an attacker could potentially execute unauthorized code or alter system behavior, but it does not affect confidentiality or availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13162. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart