CVE-2025-27845: n/a

Critical
Published: Thu Aug 14 2025 (08/14/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

AI-Powered Analysis

Last updated: 08/22/2025, 01:09:36 UTC

Technical Analysis

CVE-2025-27845 is a critical vulnerability affecting ESPEC North America Web Controller version 3 prior to 3.3.4. The vulnerability arises from improper handling of invalid authentication requests to the /api/v4/auth/ endpoint. Specifically, when an invalid authentication request is made, the system inadvertently exposes the JSON Web Token (JWT) secret key. JWT secrets are cryptographic keys used to sign and verify tokens that grant access to the system's user interface (UI). Exposure of this secret allows an attacker to forge valid JWT tokens, thereby gaining elevated permissions without legitimate authentication. This vulnerability is classified under CWE-200 (Exposure of Sensitive Information) and has a CVSS v3.1 score of 9.8, indicating a critical severity. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). The scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component. No known exploits are currently reported in the wild, but the ease of exploitation and impact make it a significant threat. The lack of a patch link suggests that remediation is either pending or must be obtained directly from the vendor. Organizations using affected versions of this controller are at high risk of unauthorized access and potential full compromise of the system's UI and underlying controls.

Potential Impact

For European organizations, the impact of this vulnerability can be severe, especially for those relying on ESPEC North America Web Controller for critical infrastructure or industrial process control. Exposure of the JWT secret can lead to unauthorized administrative access, allowing attackers to manipulate system configurations, disrupt operations, or exfiltrate sensitive data. This can result in operational downtime, safety hazards, regulatory non-compliance (e.g., GDPR if personal data is involved), and reputational damage. Given the critical nature of industrial control systems in sectors such as manufacturing, energy, and utilities across Europe, exploitation could have cascading effects on supply chains and essential services. Additionally, the vulnerability's network accessibility and lack of required authentication increase the likelihood of remote exploitation, raising the threat level for organizations with internet-facing controllers or insufficient network segmentation.

Mitigation Recommendations

European organizations should immediately verify if they are running ESPEC North America Web Controller versions prior to 3.3.4. If so, they should prioritize upgrading to version 3.3.4 or later once available. In the absence of an official patch, organizations should implement compensating controls such as restricting network access to the /api/v4/auth/ endpoint using firewalls or network segmentation to limit exposure to trusted internal networks only. Monitoring and logging authentication attempts to detect abnormal or repeated invalid requests can help identify exploitation attempts early. Additionally, organizations should review and rotate any JWT secrets or cryptographic keys associated with the controller to invalidate potentially compromised tokens. Employing multi-factor authentication (MFA) for UI access, if supported, can add an additional security layer. Finally, conducting thorough security assessments and penetration testing on the affected systems will help identify any exploitation and verify the effectiveness of mitigations.
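The monitoring recommendation above, as an added example that is not code from the vendor or from this database: it flags clients whose failed request to /api/v4/auth/ is followed by successful API calls with no successful login in between. The log format (combined-style lines from a reverse proxy in front of the controller), the status codes, and every path other than /api/v4/auth/ are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

AUTH_PATH = "/api/v4/auth/"  # endpoint named in the advisory

# Constructed sample lines in combined-log style (assumed reverse-proxy format).
# Paths other than AUTH_PATH and all status codes are illustrative assumptions.
SAMPLE_LOG = """\
10.0.5.20 - - [14/Aug/2025:09:00:01 +0000] "POST /api/v4/auth/ HTTP/1.1" 200 312
10.0.5.20 - - [14/Aug/2025:09:00:03 +0000] "GET /api/v4/status HTTP/1.1" 200 904
10.0.9.77 - - [14/Aug/2025:09:12:40 +0000] "POST /api/v4/auth/ HTTP/1.1" 401 188
10.0.9.77 - - [14/Aug/2025:09:13:05 +0000] "GET /api/v4/status HTTP/1.1" 200 904
10.0.9.77 - - [14/Aug/2025:09:13:09 +0000] "POST /api/v4/config HTTP/1.1" 200 57
10.0.7.31 - - [14/Aug/2025:09:20:11 +0000] "POST /api/v4/auth/ HTTP/1.1" 401 188
10.0.7.31 - - [14/Aug/2025:09:20:19 +0000] "POST /api/v4/auth/ HTTP/1.1" 200 312
10.0.7.31 - - [14/Aug/2025:09:20:22 +0000] "GET /api/v4/status HTTP/1.1" 200 904
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspect_sessions(log_text):
    """Return {client_ip: [api paths]} for API requests that succeeded
    after a failed auth with no successful login from that client."""
    state = defaultdict(lambda: {"failed": False, "logged_in": False})
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, status = m["ip"], m["path"].split("?")[0], int(m["status"])
        s = state[ip]
        if path == AUTH_PATH:
            if 200 <= status < 300:
                s["logged_in"] = True   # a legitimate login clears suspicion
            elif status >= 400:
                s["failed"], s["logged_in"] = True, False
        elif path.startswith("/api/") and 200 <= status < 300:
            if s["failed"] and not s["logged_in"]:
                suspects[ip].append(path)
    return dict(suspects)

if __name__ == "__main__":
    print(find_suspect_sessions(SAMPLE_LOG))
```

Clients sharing one source address (NAT, a shared proxy) can mask or mimic this pattern, so treat a hit as a lead for review rather than proof of token forgery.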

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-09T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 689dfaa3ad5a09ad005bd077

Added to database: 8/14/2025, 3:02:59 PM

Last enriched: 8/22/2025, 1:09:36 AM

Last updated: 9/21/2025, 1:01:43 AM
