{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/coresense-m10/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2025-3465"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CoreSense™ HM","CoreSense™ M10"],"_cs_severities":["high"],"_cs_tags":["path-traversal","vulnerability","abb"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB CoreSense HM and CoreSense M10 are vulnerable to a path traversal vulnerability (CVE-2025-3465). This vulnerability allows unauthenticated users with local access to the affected systems to gain unauthorized access to restricted directories. Successful exploitation of this vulnerability could lead to complete system compromise and the exposure of sensitive information. The vulnerability affects CoreSense™ HM versions up to 2.3.1 and 2.3.4, as well as CoreSense™ M10 versions up to 1.4.1.12 and 1.4.1.31. ABB has released updated versions (CoreSense™ HM v2.3.4 and CoreSense™ M10 v1.4.1.31) to address this vulnerability, urging users to apply the updates promptly. This poses a significant risk to organizations in critical infrastructure sectors like Food and Agriculture, Commercial Facilities, and Critical Manufacturing, where these products are deployed worldwide.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to the machine hosting the vulnerable ABB CoreSense HM or CoreSense M10 web application, either through physical access or compromising a user account.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request containing a path traversal payload targeting a specific endpoint within the web application. This payload manipulates the file path to access restricted directories outside the intended scope.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application fails to properly sanitize the provided file path, allowing the attacker to bypass access controls.\u003c/li\u003e\n\u003cli\u003eThe web server processes the manipulated request and attempts to read the file specified by the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eThe application retrieves and returns the contents of the targeted file, potentially containing sensitive configuration data, credentials, or other confidential information.\u003c/li\u003e\n\u003cli\u003eAttacker analyzes the retrieved data to gather further information about the system, such as user accounts, installed software, and network configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gathered information to escalate privileges and gain unauthorized access to other parts of the system.\u003c/li\u003e\n\u003cli\u003eAttacker achieves complete system compromise and exfiltrates sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-3465 can lead to complete system compromise and exposure of sensitive information. This may enable attackers to gain unauthorized access to critical systems, disrupt operations, or steal sensitive data. Sectors such as Food and Agriculture, Commercial Facilities, and Critical Manufacturing, which rely on these systems, are at particular risk. The advisory does not mention specific victims or instances of exploitation, but it does state that unauthenticated local access is required.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the vendor-provided patches to upgrade to CoreSense™ HM v2.3.4 and CoreSense™ M10 v1.4.1.31 to remediate CVE-2025-3465.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and firewall rules to restrict local access to the ABB CoreSense HM and CoreSense M10 systems, as mentioned in the \u0026ldquo;Mitigating factors\u0026rdquo; section.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect ABB CoreSense HM/M10 Path Traversal Attempt\u003c/code\u003e to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences (e.g., \u0026ldquo;..\u0026rdquo;, \u0026ldquo;%2e%2e\u0026rdquo;) in the URI stem or query, as detected by the Sigma rule \u003ccode\u003eDetect ABB CoreSense HM/M10 Path Traversal in Web Logs\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T16:15:59Z","date_published":"2026-05-19T16:15:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-abb-coresense-path-traversal/","summary":"A path traversal vulnerability (CVE-2025-3465) in ABB CoreSense HM and CoreSense M10 allows unauthenticated local users to access restricted directories, potentially leading to system compromise and information exposure; patch to CoreSense™ HM v2.3.4 and CoreSense™ M10 v1.4.1.31.","title":"ABB CoreSense HM and CoreSense M10 Path Traversal Vulnerability (CVE-2025-3465)","url":"https://feed.craftedsignal.io/briefs/2026-05-abb-coresense-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — CoreSense™ M10","version":"https://jsonfeed.org/version/1.1"}