CVE-2025-13777

Severity: High
Published: 13 March 2026
Modified: 16 March 2026
KEV Added: not listed
CVSS Score: 8.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
EPSS Score: 0.0003 (8.4th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-13777 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in ABB products (vendor inferred from references). Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to External Remote Services (T1133) and one other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: SC-23 requires mechanisms to protect communications session authenticity, directly preventing capture-replay attacks on authentication traffic.

prevent: IA-5 mandates management of replay-resistant authenticators to prevent unauthorized replay of captured authentication data.

prevent: SC-8 enforces confidentiality and integrity protections on transmitted information, hindering capture and replay of authentication traffic.

MITRE ATT&CK Enterprise Techniques

T1133 External Remote Services (Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

Auth bypass via capture-replay on adjacent network gateway directly enables unauthorized access to remote services (T1133) and exploitation of those services for access (T1210).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Deeper analysis

CVE-2025-13777 is an authentication bypass vulnerability stemming from a capture-replay issue, mapped to CWE-294. It affects ABB AWIN GW100 rev.2 firmware versions 2.0-0 and 2.0-1, as well as ABB AWIN GW120 firmware versions 1.2-0 and 1.2-1. The vulnerability was published on 2026-03-13.

The CVSS v3.1 base score is 8.3 (High), with attack vector AV:A (adjacent network), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U), resulting in high confidentiality (C:H) and availability (A:H) impacts, plus low integrity (I:L) impact. An adjacent attacker can capture and replay authentication traffic to bypass controls without prior authentication.

ABB provides mitigation guidance in its security advisory, accessible at https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch.

Details

CWE(s): CWE-294 Authentication Bypass by Capture-replay

Affected Products: ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and ABB AWIN GW120 (1.2-0, 1.2-1); the vendor entry is inferred from references and description because NVD did not file a CPE for this CVE.

CVEs Like This One

CVE-2025-65552 (shared CWE-294)
CVE-2026-32987 (shared CWE-294)
CVE-2026-34209 (shared CWE-294)
CVE-2026-30080 (shared CWE-294)
CVE-2025-26201 (shared CWE-294)
CVE-2026-20999 (shared CWE-294)
CVE-2025-67135 (shared CWE-294)
CVE-2024-12137 (shared CWE-294)
CVE-2025-59023 (shared CWE-294)
CVE-2026-30789 (shared CWE-294)
