Cyber Posture

CVE-2025-14510

High

Published: 16 January 2026
Modified: 15 April 2026
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (9.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14510 is a high-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in ABB (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 9.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly addresses the CVE by requiring identification, reporting, and timely remediation of the specific software flaw in the authentication algorithm implementation via vendor patches.

Prevent: Ensures proper management of authenticators including selection and lifecycle of secure mechanisms to mitigate risks from incorrect authentication algorithms.

Prevent: Mandates use of NIST-approved cryptographic modules and algorithms for authentication protections, preventing exploitation of flawed implementations.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The authentication algorithm flaw in the network-exposed ABB OPTIMAX application directly enables remote exploitation without credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.

Deeper analysis [AI]

CVE-2025-14510, published on 2026-01-16, is an Incorrect Implementation of Authentication Algorithm vulnerability (CWE-303) in ABB Ability OPTIMAX. The issue affects versions 6.1 and 6.2, as well as versions from 6.3.0 before 6.3.1-251120 and from 6.4.0 before 6.4.1-251120. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to substantial impacts on confidentiality, integrity, and availability.

Attackers with network access can exploit this vulnerability without authentication privileges or user interaction, though it requires high attack complexity. Successful exploitation enables high-impact disruption, including unauthorized access to sensitive data, modification of system integrity, and denial of service affecting availability, all within the unchanged scope of the affected component.

ABB provides further details and mitigation guidance in its security advisory at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch, which aligns with upgrading to patched releases such as 6.3.1-251120 and 6.4.1-251120.

Details

CWE(s)

Affected Products

ABB
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-57808: Shared CWE-303
CVE-2025-23046: Shared CWE-303
CVE-2025-14273: Shared CWE-303
CVE-2025-66489: Shared CWE-303
CVE-2026-28446: Shared CWE-303
CVE-2025-13390: Shared CWE-303
CVE-2026-0073: Shared CWE-303
CVE-2025-4676: Shared CWE-303
CVE-2025-21311: Shared CWE-303
CVE-2025-12419: Shared CWE-303
