CVE-2025-53187

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-53187
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A4462&LanguageCode=en&DocumentPartId=pdf&Action=Launch
Configurations

No configuration.

History

04 Sep 2025, 10:42

Type Values Removed Values Added
Summary (en) Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01. (en) Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01

21 Aug 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.0 		v2 : unknown
v3 : 9.8

21 Aug 2025, 11:15

Type Values Removed Values Added
CWE CWE-94 CWE-288
Summary
  • (es) Vulnerabilidad de control inadecuado de generación de código ('Inyección de código') en ABB ASPECT. Este problema afecta a ASPECT: anteriores a &lt;3.08.04-s01.
Summary (en) Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01. (en) Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.

11 Aug 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-11 18:15

Updated : 2025-09-04 10:42

NVD link : CVE-2025-53187

Mitre link : CVE-2025-53187

CVE.ORG link : CVE-2025-53187

JSON object : View

Products Affected

No product.

CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel