CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30169: Admin Authorized File Upload and Execute PHP

6.0 CVSS

Description

File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

Classification

CVE ID: CVE-2025-30169

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C

Problem Types

CWE-434: Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: ABB

Product: ASPECT-Enterprise, NEXUS Series, MATRIX Series

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 13.93% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30169
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch

Timeline

2025-05-22 18:40:18 UTC
CVE

Admin Authorized File Upload and Execute PHP