CVE-2025-9574 CRITICAL

CVE-2025-9574: Missing Authentication Vulnerability

Vendor Abb
Product ALS-mini-s4 IP
Weakness CWE-306 · Missing auth
Published October 20, 2025
Last update October 24, 2025

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Red

What the vulnerability does

01Description

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .  All firmware versions with the Serial Number from 2000 to 5166

Key dates

02Disclosure timeline

October 20, 2025 CVE published
October 24, 2025 Record updated