CVE-2025-3465: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ABB CoreSense™ HM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10. This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12.
AI Analysis
Technical Summary
CVE-2025-3465 is a path traversal vulnerability classified under CWE-22, found in ABB CoreSense™ HM and CoreSense™ M10 products. The flaw arises from improper limitation of pathnames to restricted directories, allowing an attacker to craft file paths that escape intended directory boundaries. This can enable unauthorized access to files outside the designated directories, potentially exposing sensitive configuration files, logs, or other critical data. The vulnerability affects CoreSense™ HM versions through 2.3.1 and CoreSense™ M10 versions through 1.4.1.12. The CVSS 4.0 base score is 8.2 (high): the attack vector is local (AV:L), attack complexity is low (AC:L), no privileges are required (PR:N), no user interaction is needed (UI:N), and the impact on confidentiality is high (VC:H), with no impact on integrity or availability. Because the vulnerability requires neither authentication nor user interaction, it is easier to exploit for any local user or process with access to the system. Although no exploits are currently known in the wild, the potential for sensitive data disclosure is significant. ABB has not yet published patches, so mitigation currently relies on access control and monitoring. This vulnerability is particularly concerning for industrial environments where CoreSense™ products are deployed for monitoring and control, as unauthorized file access could lead to information leakage or aid further attacks.
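The directory-containment check that CWE-22 refers to, shown as an added illustration; it is not ABB's code and does not come from the advisory. The base directory, file names and function names are constructed for the example, which contrasts a string-prefix test on a normalized path with a comparison of resolved path components.

```python
import os

def naive_is_allowed(base: str, requested: str) -> bool:
    """Flawed check: normalize, then compare as a plain string prefix."""
    joined = os.path.normpath(os.path.join(base, requested))
    return joined.startswith(base)

def resolve_within(base: str, requested: str) -> str:
    """Return the resolved path if it stays under base, else raise ValueError."""
    base_real = os.path.realpath(base)
    # realpath collapses ".." segments and follows symlinks before comparing.
    target = os.path.realpath(os.path.join(base_real, requested))
    # commonpath compares whole components, so a sibling such as
    # /srv/app/data-old is not treated as being under /srv/app/data.
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return target

def audit(base, requests):
    """Run both checks; returns {request: (naive_allowed, hardened_allowed)}."""
    results = {}
    for req in requests:
        try:
            resolve_within(base, req)
            hardened = True
        except ValueError:
            hardened = False
        results[req] = (naive_is_allowed(base, req), hardened)
    return results

# Constructed sample inputs (hypothetical base directory and file names).
BASE = "/srv/app/data"
SAMPLES = [
    "logs/today.txt",         # legitimate file under the base
    "../config/secrets.ini",  # parent-directory segment
    "../data-old/dump.bin",   # sibling directory sharing the base's prefix
    "/etc/hostname",          # absolute path discards the base in join()
]

if __name__ == "__main__":
    for req, (naive, hardened) in audit(BASE, SAMPLES).items():
        print(f"{req!r:28} naive={naive!s:5} hardened={hardened}")
```

The sibling-directory case is the one the prefix test lets through, which is why the comparison has to be made on path components after resolution.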
Potential Impact
The primary impact of CVE-2025-3465 is unauthorized disclosure of sensitive information due to path traversal, which compromises confidentiality. For European organizations, especially those in industrial automation, energy, and manufacturing sectors using ABB CoreSense™ HM or M10 devices, this could expose critical operational data or configuration files. Such exposure may facilitate further attacks, including sabotage or espionage. Since the vulnerability requires local access, insider threats or compromised local accounts pose a significant risk. The lack of impact on integrity and availability reduces the risk of direct operational disruption, but information leakage alone can have severe consequences, including regulatory penalties under GDPR if personal or sensitive data is exposed. The vulnerability's presence in widely used ABB products means that organizations with ABB deployments across Europe must prioritize assessment and mitigation to prevent potential exploitation.
Mitigation Recommendations
1. Immediately restrict local access to ABB CoreSense™ HM and M10 devices to trusted personnel only, using strict access control policies and network segmentation.
2. Monitor and audit local user activities on affected devices to detect any suspicious file access attempts.
3. Implement host-based intrusion detection systems (HIDS) to alert on unusual file system access patterns.
4. Once ABB releases patches or updates addressing CVE-2025-3465, apply them promptly following thorough testing.
5. If patching is delayed, consider deploying compensating controls such as application whitelisting or sandboxing to limit the ability of unauthorized processes to exploit the vulnerability.
6. Review and harden device configurations to minimize unnecessary local services or accounts.
7. Educate local users and administrators about the risks of unauthorized file access and enforce strong authentication mechanisms for device access.
8. Coordinate with ABB support for guidance and updates on vulnerability remediation.
Affected Countries
Germany, Sweden, Switzerland, France, Italy, United Kingdom, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-04-09T10:11:48.997Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f6785707c863f509432ccb
Added to database: 10/20/2025, 5:58:47 PM
Last enriched: 10/20/2025, 6:01:22 PM
Last updated: 10/21/2025, 2:49:54 AM