CVE-2025-4692
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Summary
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the
ABUP Cloud Update Platform.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABUP | ABUP IoT Cloud Platform | All versions | affected |
Weaknesses
- CWE-266: CWE-266
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.