cve-2025-9970

CVE-2025-9970 is a high-severity credential-handling vulnerability in ABB LVS MConfig versions 1.4.9.21 and earlier, affecting low-voltage switchgear configuration software. Republished by CISA after ABB's October 2025 advisory, the flaw involves local access and operator trust on Windows workstations, where credentials can become exposed during routine maintenance. The fix is updating to MConfig 1.4.9.22. Discussions on WindowsForum highlight that while not a remote takeover bug, the vulnerability underscores broader industrial security lessons about credential management and patching practices.