cve 2025 9574

CVE-2025-9574 is a critical vulnerability affecting ABB ALS-mini load controllers, specifically the ALS-mini-S4 IP and ALS-mini-S8 IP models. The flaw allows unauthenticated remote attackers to read and modify device configuration through the embedded web server, due to a complete lack of authentication on management functions. Devices with serial numbers between 2000 and 5166, across all firmware versions, are impacted. The vulnerability has been scored as critical under both CVSS v3.1 and CVSS v4.0. This tag covers discussions and technical details about CVE-2025-9574, including affected hardware, exploitation vectors, and potential mitigations for industrial control system environments.