ASPECT, NEXUS Series, and MATRIX Series File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A file upload vulnerability has been identified in ASPECT-Enterprise, NEXUS Series, and MATRIX Series, all through version 3.08.03. This vulnerability arises if session administrator credentials are compromised, potentially leading to unauthorized file uploads.

Impact

Exploitation of this vulnerability could allow for unauthorized file uploads, which may be followed by remote code execution, depending on the uploaded file type and the application's handling of it.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASPECT, NEXUS Series, and MATRIX Series File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

ABB ASPECT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating