CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30170: Admin Authorized Exposure of file path, file size or file existence

5.5 CVSS

Description

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

Classification

CVE ID: CVE-2025-30170

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Problem Types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

Vendor: ABB

Product: ASPECT-Enterprise, NEXUS Series, MATRIX Series

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.13% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30170
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&LanguageCode=en&DocumentPartId=pdf&Action=Launch

Timeline

2025-05-22 18:40:18 UTC
CVE

Admin Authorized Exposure of file path, file size or file existence