CVE-2025-30170Exposure of Sensitive System Information to an Unauthorized Control Sphere in Aspect-enterprise

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 48.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ABB Aspect-enterpriseABB Matrix SeriesABB Nexus Series
Timeline
PublishedMay 22

Description

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N

Affected Packages3 packages

CVEListV5abb/nexus_series3.08.03
CVEListV5abb/matrix_series3.08.03
CVEListV5abb/aspect-enterprise3.08.03

🔴Vulnerability Details

2
GHSA
GHSA-xpm6-qgmg-747p: Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administra2025-05-22
CVEList
Admin Authorized Exposure of file path, file size or file existence2025-05-22
CVE-2025-30170 — ABB Aspect-enterprise vulnerability | cvebase