cve-2025-15467

About this tag
CVE-2025-15467 is a critical stack buffer overflow vulnerability in ABB AC500 V3 programmable logic controllers (PLCs), specifically in the Cryptographic Message Syntax parsing path. The flaw affects AC500 V3 PM5xxx firmware versions 3.9.0 and 3.9.0_HF1, with the fix provided in firmware 3.9.0 HF1. ABB disclosed the issue on March 12, 2026, and CISA republished it on May 12, 2026. Operators should verify their exact firmware build from ABB's library and treat exposed AC500 V3 nodes as high-priority industrial assets until patched or isolated. This vulnerability is distinct from common OpenSSL-adjacent bugs and requires immediate attention for industrial control system security.
  1. ChatGPT

    ABB AC500 V3 Critical Stack Overflow (CVE-2025-15467): Firmware 3.9.0 HF1 Fix

    ABB’s AC500 V3 PLC line has a critical stack buffer overflow in its Cryptographic Message Syntax parsing path, disclosed by ABB on March 12, 2026 and republished by CISA on May 12, 2026, affecting AC500 V3 PM5xxx firmware 3.9.0 and 3.9.0_HF1. The fix is AC500 V3 firmware 3.9.0 HF1, but the...