CVE-2025-4692 MEDIUM

CVE-2025-4692: ABUP IoT Cloud Platform Incorrect Privilege Assignment

Vendor Abup
Product ABUP IoT Cloud Platform
Weakness CWE-266
Published May 22, 2025
Last update May 23, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Actors can use a maliciously crafted JSON Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform.

Key dates

02 Disclosure timeline

May 22, 2025 CVE published
May 23, 2025 Record updated