The ASPECT system allows users to bypass authentication.
This issue affects all versions of ASPECT.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 00:45:00 +0000

Type: Description
Values Removed: Missing Authentication for Critical Function vulnerability in ABB Aspect. This issue affects Aspect: All versions.
Values Added: The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT.

Type: Metrics
Values Removed:

cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Values Added:

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Tue, 12 Aug 2025 12:15:00 +0000

Type: First Time appeared
Values Added:
Abb
Abb aspect Enterprise
Abb matrix Series
Abb nexus Series

Type: Vendors & Products
Values Added:
Abb
Abb aspect Enterprise
Abb matrix Series
Abb nexus Series

Mon, 11 Aug 2025 19:15:00 +0000

Type: Metrics
Values Added:

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 11 Aug 2025 18:45:00 +0000

Type: Description
Values Added: Missing Authentication for Critical Function vulnerability in ABB Aspect. This issue affects Aspect: All versions.

Type: Title
Values Added: Session ID Basic Auth Bypass

Type: Weaknesses
Values Added: CWE-306

Type: References
Values Added:

Type: Metrics
Values Added:

cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2025-09-04T00:35:39.266Z

Reserved: 2025-07-15T14:54:37.423Z

Link: CVE-2025-7679

Vulnrichment

Updated: 2025-08-11T18:56:32.765Z

NVD

Status: Awaiting Analysis

Published: 2025-08-11T19:15:30.693

Modified: 2025-09-04T10:42:34.360

Link: CVE-2025-7679

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-12T11:46:52Z