CVE-2025-14771 -- CVSS 9.9 Vulnerability Briefing
CVE-2025-14771 | CVSS 9.9 (Critical) | Exploit: No known exploit
What Is It
CVE-2025-14771 is a "files or directories accessible to external parties" vulnerability affecting ABB T-MAC Plus version 4.0-24, an industrial network access control and management device.
Technical Detail
The flaw allows unauthenticated or insufficiently authorized external parties to access files or directories that should be restricted, a class of vulnerability typically arising from improper access controls on web-exposed file paths or directory listings. An attacker with network access to the device could retrieve sensitive configuration files, credentials, or operational data without requiring valid authentication. Depending on the content exposed, this could facilitate further compromise including credential theft, network reconnaissance, or lateral movement within industrial environments where T-MAC Plus is deployed for access control.
Exploitation Status
No known exploit code has been publicly identified for this vulnerability as of the date of this briefing. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. Despite the absence of confirmed exploitation, the critical CVSS score of 9.9 reflects the low complexity and high impact potential of the flaw, and the lack of a public exploit does not preclude private or targeted use.
Who Is Targeting This
No confirmed threat actor attribution has been established for this vulnerability. Reported (research-inferred, medium confidence): POSEIDONGROUP, EVILNUM, WINTERVIVERN, SOWBUG, and AXIOM have been associated with this CVE in threat intelligence reporting, though none of these attributions have been independently verified or confirmed through direct operational evidence. Motivations for all reported actors are currently unknown. These associations should be treated as preliminary and not used as the sole basis for threat modeling decisions.
What To Do
Organizations running ABB T-MAC Plus version 4.0-24 should prioritize applying any available vendor patch or firmware update from ABB immediately, given the critical severity rating. If a patch is not yet available or cannot be applied immediately, restrict network access to the T-MAC Plus management interface using firewall rules or network segmentation, ensuring the device is not exposed to untrusted networks or the public internet. Audit web-accessible paths on the device for unintended file or directory exposure. Monitor access logs for unexpected file retrieval requests or directory traversal patterns. Contact ABB directly for vendor guidance and patch availability timelines.
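One way to carry out the log-monitoring step above, as an added example that is not part of the original briefing or any ABB tooling. It assumes the access log can be exported in Common Log Format; the management subnet, the extension list and the sample lines are constructed placeholders to adapt to the real deployment.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): management subnet, extension list, log layout.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
SENSITIVE_EXT = (".conf", ".cfg", ".ini", ".bak", ".db", ".sql", ".pem", ".key", ".log")
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r"(^|[/=&?])\.\.(/|$)")

def decode(text):
    """Percent-decode up to three times so double-encoded '../' becomes visible."""
    for _ in range(3):
        once = unquote(text)
        if once == text:
            break
        text = once
    return text.replace("\\", "/")

def is_external(ip_text):
    # Unparseable sources are treated as external rather than silently trusted.
    try:
        return ipaddress.ip_address(ip_text) not in MGMT_NET
    except ValueError:
        return True

def classify(line):
    """Return the findings for one access-log line; an empty list means clean."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    served = m["status"].startswith("2")
    if TRAVERSAL_RE.search(decode(m["target"])):
        findings.append("traversal-served" if served else "traversal-attempt")
    path = decode(m["target"].split("?", 1)[0]).lower()
    if served and path.endswith(SENSITIVE_EXT):
        if m["user"] == "-":
            findings.append("sensitive-file-unauthenticated")
        if is_external(m["ip"]):
            findings.append("sensitive-file-external-source")
    return findings

def scan(lines):
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}
# Constructed sample lines in Common Log Format (not taken from a real device).
SAMPLE = [
    '10.20.0.15 - admin [12/Jan/2026:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.44 - - [12/Jan/2026:09:15:40 +0000] "GET /backup/system.cfg HTTP/1.1" 200 18211',
    '203.0.113.44 - - [12/Jan/2026:09:15:41 +0000] "GET /static/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 312',
]
```

A "traversal-served" or "sensitive-file-unauthenticated" finding means the device returned the content and should be treated as a possible exposure of whatever that file holds; "traversal-attempt" alone indicates probing that was refused.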