CVE-2025-30170

Admin Authorized Exposure of file path, file size or file existence

CVSS 5.9 MEDIUMEPSS 0.3%CWE-497

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C

Affected products

ABB · ASPECT-Enterprise ABB · MATRIX Series ABB · NEXUS Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch