CVE-2025-0001: authenticated arbitrary file read vulnerability

Medium (6.5)

Sign up for FREE to recieve instant alerts about this vulnerability!

Description

Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability.

Classification

CVE ID: CVE-2025-0001

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor: Abacus Research AG

Product: Abacus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.11882 (how common is this exploit)

EPSS Date: 2025-03-11 (when was this score calculated)

Timeline