ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the ABB Ability Edgenius Management Portal. The flaw, tracked as CVE-2025-10571, affects versions 3.2.0.0 and 3.2.1.1, and allows an unauthenticated attacker to install applications, execute arbitrary code, uninstall software, and modify configurations on affected systems.
The vulnerability falls under CWE-288: Authentication Bypass Using an Alternate Path or Channel, meaning attackers can directly access privileged functions without valid credentials. ABB rates the issue as critical, with a CVSS v3.1 Base Score of 9.6, placing it in the highest severity category.
According to ABB's summary statement, "An unauthenticated attacker could exploit this vulnerability to install and run arbitrary code, uninstall installed applications, [and] modify the configuration of installed applications."
ABB explains that the vulnerability can be triggered by sending a specially formed message to an Edgenius system node.
"An attacker could exploit the vulnerability by sending a specially crafted message to the system node allowing the attacker to install and run arbitrary code," the advisory warns.
Once inside, an attacker gains expansive control over the edge environment. In industrial settings where Edgenius manages operational technology (OT) applications, those capabilities could be devastating.
ABB has already issued a patched version (3.2.2.0). For environments unable to update immediately, ABB provides a temporary workaround: "Disabling the Edgenius Management Portal will disable the vulnerable component… This will have no impact on the day-to-day operations of an already deployed and configured system."