CVE-2025-30173: CWE-434 Unrestricted Upload of File with Dangerous Type in ABB ASPECT-Enterprise
File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
AI Analysis
Technical Summary
CVE-2025-30173 is a file upload vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) affecting ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series products up to version 3.08.03. The vulnerability arises when session administrator credentials are compromised, allowing an attacker with high privileges to upload files without proper restrictions on file types. This can lead to the introduction of malicious files, such as web shells or scripts, which could be executed on the server or within the application environment. The vulnerability has a CVSS 4.0 base score of 6.0, indicating a medium severity level. The vector details show that the attack is network-based (AV:N), has low attack complexity (AC:L), and requires high privileges (PR:H) but no user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability, with high impact on integrity and availability and low impact on confidentiality. The scope is unchanged, meaning the vulnerability affects the same security scope. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. Although exploitation requires compromised administrator session credentials, which implies that the attacker already has significant access, the vulnerability is still dangerous because the unrestricted file upload can further escalate control or persistence within the environment. ABB ASPECT-Enterprise and related products are industrial control and automation software widely used in critical infrastructure and manufacturing sectors.
Potential Impact
For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities that rely on ABB's ASPECT-Enterprise and related products, this vulnerability poses a significant risk. If an attacker compromises administrator session credentials, they could upload malicious files leading to unauthorized code execution, data manipulation, or disruption of industrial processes. This could result in operational downtime, safety hazards, financial losses, and damage to reputation. The impact on availability and integrity is particularly concerning in industrial environments where system reliability is paramount. Furthermore, the potential for lateral movement within networks after exploiting this vulnerability could expose additional systems and sensitive data. Given the reliance on ABB products in European industrial sectors, exploitation could have cascading effects on supply chains and critical services.
Mitigation Recommendations
1. Immediately monitor and secure administrator sessions to prevent credential compromise, including enforcing multi-factor authentication (MFA) and session timeout policies.
2. Restrict file upload capabilities strictly to necessary users and implement strong file type validation and sanitization on the server side to prevent dangerous file types from being uploaded.
3. Employ network segmentation to isolate industrial control systems from general IT networks, limiting the attack surface if credentials are compromised.
4. Implement robust logging and monitoring to detect unusual file upload activities or unauthorized access attempts.
5. Apply the principle of least privilege to administrative accounts to minimize the impact of credential compromise.
6. Stay updated with ABB security advisories and apply patches or mitigations as soon as they become available.
7. Conduct regular security awareness training focused on credential protection and phishing prevention to reduce the risk of initial compromise.
8. Use application-layer firewalls or intrusion prevention systems capable of detecting and blocking malicious file uploads.
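The server-side file type validation in recommendation 2 can be sketched as below. This is an added, generic example and not ABB's code or anything from the ASPECT product; the allowlist, size limit and naming policy are assumptions chosen for illustration.

```python
import re
import uuid

# Assumed policy (illustrative): accepted extensions and the leading bytes
# the content must carry for each. Adjust to what the deployment needs.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit
# One base name, exactly one extension, no path separators or control bytes.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,8}")


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason, stored_name) for one uploaded file."""
    if not SAFE_NAME.fullmatch(filename):
        # Catches ../ traversal, NUL bytes and double extensions (x.php.png).
        return False, "unsafe filename", None
    ext = "." + filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed", None
    if not 0 < len(data) <= MAX_BYTES:
        return False, "size out of range", None
    if not data.startswith(ALLOWED[ext]):
        # Extension and content disagree, e.g. a script renamed to .pdf.
        return False, "content does not match extension", None
    # Never reuse the client-supplied name on disk; store under a random one.
    return True, "ok", uuid.uuid4().hex + ext


# Constructed sample uploads (not taken from any real system).
SAMPLES = [
    ("floorplan.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("shell.php", b"<?php echo 1; ?>"),
    ("logo.php.png", b"\x89PNG\r\n\x1a\n"),
    ("../../etc/cron.d/job.zip", b"PK\x03\x04"),
    ("report.pdf", b"<?php echo 1; ?>"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, validate_upload(name, body)[:2])
```

A signature check does not stop polyglot files on its own, so accepted uploads should also be written to a location the web server never executes from.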
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Belgium, Spain, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-03-17T13:06:41.480Z
- Cisa Enriched: false
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 682f64490acd01a2492644b6
Added to database: 5/22/2025, 5:52:09 PM
Last enriched: 7/8/2025, 8:28:26 AM
Last updated: 8/12/2025, 2:25:58 PM