CVE-2025-7679

Published Aug 11, 2025

Last updated 11 days ago

CVSS critical 9.2
OT

Overview

Description
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT
Source
cybersecurity@ch.abb.com
NVD status
Deferred

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cybersecurity@ch.abb.com
CWE-306

Social media

Hype score
Not currently trending

  1. 🚨🚨ABB ASPECT BMS Flaws Exposed CVE-2025-53187 (CVSS 9.8): Debug code allows auth bypass, enabling RCE, file access, & system time manipulation. CVE-2025-7679 (CVSS 8.1): Session ID flaw lets attackers skip authentication. CVE-2025-7677 (CVSS 5.9): Buffer issue causes D

    @zoomeye_team

    5 Sept 2025

    487 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. CVE-2025-7679 Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions. https://t.co/XXGU43QosI

    @CVEnew

    11 Aug 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-7679: HIGH] Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.#cve,CVE-2025-7679,#cybersecurity https://t.co/6ywK7KR0Bg https://t.co/mwwC9lYx6l

    @CveFindCom

    11 Aug 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.CVE-2026-32746
  2. A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.CVE-2026-20128
  3. Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor VulnerabilityCVE-2026-20133
  4. A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.CVE-2026-20122
  5. The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.CVE-2026-24790

References

Sources include official advisories and independent security research.