Main Vulnerability Database Vulnerabilities #VU109668

#VU109668 Incorrect permission assignment for critical resource in Automation Builder - CVE-2025-3395

Published: May 23, 2025

Vulnerability identifier: #VU109668

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-3395

CWE-ID: CWE-732

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Automation Builder

Software vendor:
ABB

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A local user can modify parts of the files to change the project by overruling the Automation Builder user management.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-04

#VU109668 Incorrect permission assignment for critical resource in Automation Builder - CVE-2025-3395

Description

Remediation

External links

Please verify you're human