CVE-2025-4692
ABUP IoT Cloud Platform Incorrect Privilege Assignment
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the
ABUP Cloud Update Platform.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
ABUP · ABUP IoT Cloud Platform¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →