CVE-2025-53187

CWE-288CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICAL
EPSS
0.1%
top 79.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ABB Aspect
Timeline
PublishedAug 11

Description

Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5abb/aspect< <3.08.04-s01

🔴Vulnerability Details

2
GHSA
GHSA-xqxh-xcx3-fff7: Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT2025-08-11
CVEList
Unauthenticated RCE2025-08-11
CVE-2025-53187 (CRITICAL CVSS 9.3) | Due to an issue in configuration | cvebase.io