CVE-2025-9970 MEDIUM

CVE-2025-9970: Application credential stored in clear text in memory

Vendor Abb
Product MConfig
Weakness CWE-316
Published October 8, 2025
Last update October 8, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.

Key dates

02Disclosure timeline

October 8, 2025 CVE published
October 8, 2025 Record updated