CVE-2025-4676

High

Published: 07 January 2026

Published

07 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0001 2.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-4676 is a high-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Abb (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133); ranked at the 2.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to External Remote Services (T1133) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

preventrecover

Directly mitigates the CVE by requiring timely identification, reporting, and remediation of the specific flaw in the authentication algorithm implementation within the ABB WebPro SNMP Card firmware.

SC-13 Cryptographic Protection good match

prevent

Ensures cryptographic protections, including authentication algorithms, are implemented correctly using compliant modules and standards, preventing exploitation of the incorrect implementation.

SC-23 Session Authenticity partial match

prevent

Protects the authenticity of communications sessions in protocols like SNMP, addressing aspects of the flawed authentication algorithm vulnerable to adjacent network attacks.

MITRE ATT&CK Enterprise TechniquesAI

T1133 External Remote Services Persistence

Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

attack.mitre.org →

T1078 Valid Accounts Stealth

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Auth algorithm flaw enables bypass for adjacent network access to device services (T1133) and use of accounts without valid credentials (T1078).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

Deeper analysisAI

CVE-2025-4676 is an Incorrect Implementation of Authentication Algorithm vulnerability, classified under CWE-303, affecting ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL through version 1.1.8.K. Published on 2026-01-07T17:16:00.170, the vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

An adjacent network attacker (AV:A) with low attack complexity (AC:L) and no required privileges (PR:N) can exploit this issue by tricking a user into performing an action (UI:R). Successful exploitation results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), with a changed scope (S:C) that allows the attacker to affect resources beyond the vulnerable component.

Mitigation details are provided in the ABB security advisory available at https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009&LanguageCode=en&DocumentPartId=&Action=Launch.