Main Vulnerability Database Vulnerabilities #VU109667

#VU109667 Incorrect permission assignment for critical resource in Automation Builder - CVE-2025-3394

Published: May 23, 2025

Vulnerability identifier: #VU109667

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-3394

CWE-ID: CWE-732

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Automation Builder

Software vendor:
ABB

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A local user can modify parts of the Automation Builder project file by specially crafting contents so the user management will be overruled.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-04

#VU109667 Incorrect permission assignment for critical resource in Automation Builder - CVE-2025-3394

Description

Remediation

External links

Please verify you're human