ByteOS Network

Vulnerability Details :

CVE-2025-30170

Assigner-ABB

Assigner Org ID-2b718523-d88f-4f37-9bbd-300c20644bf9

Published At-22 May, 2025 | 17:38

Updated At-22 May, 2025 | 18:32

Admin Authorized Exposure of file path, file size or file existence

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:ABB

Assigner Org ID:2b718523-d88f-4f37-9bbd-300c20644bf9

Published At:22 May, 2025 | 17:38

Updated At:22 May, 2025 | 18:32

▼CVE Numbering Authority (CNA)

Admin Authorized Exposure of file path, file size or file existence

Affected Products

Vendor

ABB

Product

ASPECT-Enterprise

Platforms

Linux

Default Status

affected

Versions

Affected

From 0 through 3.08.03 (custom)

Vendor

ABB

Product

NEXUS Series

Platforms

Linux

Default Status

unaffected

Versions

Affected

From 0 through 3.08.03 (custom)

Vendor

ABB

Product

MATRIX Series

Platforms

Linux

Default Status

unaffected

Versions

Affected

From 0 through 3.08.03 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-497	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Type: CWE

CWE ID: CWE-497

Description: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Metrics

Version	Base score	Base severity	Vector
4.0	5.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C
3.1	5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

References

Hyperlink	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch	N/A

Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cybersecurity@ch.abb.com

Published At:22 May, 2025 | 18:15

Updated At:23 May, 2025 | 15:55

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:X/U:X
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-497	Primary	cybersecurity@ch.abb.com

CWE ID: CWE-497

Type: Primary

Source: cybersecurity@ch.abb.com

References

Hyperlink	Source	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch	cybersecurity@ch.abb.com	N/A

Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch

Source: cybersecurity@ch.abb.com

Resource: N/A

Similar CVEs

1Records found

CVE-2025-49419

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 11.77%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:06

WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.

Vendor-esigngenie

Product-Foxit eSign for WordPress

CWE ID-CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2025-30170

Credits

Admin Authorized Exposure of file path, file size or file existence

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs