CVE-2025-4692 – ABUP IoT Cloud Platform Incorrect Privilege Assignment

https://notcve.org/view.php?id=CVE-2025-4692

22 May 2025 — Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01 • CWE-266: Incorrect Privilege Assignment •