← back
CVE-2025-14988

Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA

CVSS 10 CRITICALEPSS 0.4%CWE-732
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
iba Systems · ibaPDA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-01