VDB
CVE-2025-2595
CVE-2025-2595
PUBLISHED
CVSS 5.300000190734863 MEDIUM
The visualization allows users to create browser-based visualizations for monitoring and controlling industrial processes. Access to these visualizations can be restricted using the built-in user management. However, an unauthenticated remote attacker can bypass the user management and read visualization files by means of forced browsing. The exposed files, accessible via a web browser, contain only static visualization data such as text lists, icons or images, but no live data from the controlled system.
EPSS 0.03% · 7.3th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C
EPSS Score
0.03%
7.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | ABB AC500 V3 <3.9.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- CIRCL seen: CVE-2025-2595 (circl-sighting)
- https://certvde.com/en/advisories/VDE-2025-027 (circl)
Timeline
- Apr 22, 2025 CVE Published
- Apr 23, 2025 EPSS Score
- Apr 23, 2025 Coalition ESS Score
- Apr 23, 2025 PoC Published
- Apr 23, 2025 PoC Published
- May 5, 2025 EPSS Score
- May 6, 2025 PoC Published
- May 17, 2025 EPSS Score
- May 29, 2025 EPSS Score
- Jun 11, 2025 EPSS Score
- Jun 23, 2025 EPSS Score
- Jul 5, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2026/3adr011524.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR011524&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-05_VIS-5003_.pdf advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-07_CDS-93244.pdf advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-08_CDS-94690.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-2595 advisory