CVE-2025-4692 Information

Description

Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful the user can escalate privileges to access any device managed by the

ABUP Cloud Update Platform.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01