Cyber Resilience

CVE-2025-14510

Critical

Published: 16 January 2026

Modified: 15 April 2026
CVSS v4 Score: 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0039 (30.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-14510 is a critical-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in ABB (vendor inferred from references). Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 30.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-14510, published on 2026-01-16, is an Incorrect Implementation of Authentication Algorithm vulnerability (CWE-303) in ABB Ability OPTIMAX. The issue affects versions 6.1 and 6.2, as well as versions from 6.3.0 before 6.3.1-251120 and from 6.4.0 before 6.4.1-251120. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to substantial impacts on confidentiality, integrity, and availability.

Attackers with network access can exploit this vulnerability without prior privileges or user interaction, although attack complexity is high. Successful exploitation has a high impact on confidentiality, integrity, and availability: unauthorized access to sensitive data, modification of system integrity, and denial of service, all within the unchanged scope of the affected component.

ABB provides further details and mitigation guidance in its security advisory at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch. That guidance is consistent with upgrading to patched releases such as 6.3.1-251120 and 6.4.1-251120.

Vulnerability details

Incorrect Implementation of Authentication Algorithm vulnerability in ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The authentication algorithm flaw in the network-exposed ABB OPTIMAX application directly enables remote exploitation without credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41103 (shared CWE-303)
CVE-2025-57808 (shared CWE-303)
CVE-2025-66489 (shared CWE-303)
CVE-2026-28446 (shared CWE-303)
CVE-2025-14273 (shared CWE-303)
CVE-2025-23046 (shared CWE-303)
CVE-2025-13390 (shared CWE-303)
CVE-2026-29515 (shared CWE-303)
CVE-2025-4676 (shared CWE-303)
CVE-2026-0073 (shared CWE-303)

Affected Assets

ABB (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly addresses the CVE by requiring identification, reporting, and timely remediation of the specific software flaw in the authentication algorithm implementation via vendor patches.

Prevent: Ensures proper management of authenticators including selection and lifecycle of secure mechanisms to mitigate risks from incorrect authentication algorithms.

Prevent: Mandates use of NIST-approved cryptographic modules and algorithms for authentication protections, preventing exploitation of flawed implementations.

References