Overview
The vulnerability CVE-2025-6072 presents a significant risk to ABB’s RMC-100 and RMC-100 LITE products. This Stack-based Buffer Overflow vulnerability may allow an attacker to compromise the system or lead to data leakage if the REST interface is enabled, and the attacker gains access to the control network. Therefore, it’s crucial to understand and mitigate this vulnerability to secure the products and data.
Vulnerability Summary
CVE ID: CVE-2025-6072
Severity: High (CVSS: 7.5)
Attack Vector: Network
Privileges Required: Low
User Interaction: Required
Impact: Potential system compromise or data leakage
Affected Products
Escape the Surveillance Era
Most apps won’t tell you the truth.
They’re part of the problem.
Phone numbers. Emails. Profiles. Logs.
It’s all fuel for surveillance.
Ameeba Chat gives you a way out.
- • No phone number
- • No email
- • No personal info
- • Anonymous aliases
- • End-to-end encrypted
Chat without a trace.
Product | Affected Versions
ABB RMC-100 | 2105457-043 to 2105457-045
ABB RMC-100 LITE | 2106229-015 to 2106229-016
How the Exploit Works
The exploit works by overflowing the date of expiration field in the JSON configuration when the REST interface is enabled. If an attacker gains access to the control network and exploits CVE-2025-6074, they can manipulate the JSON configuration to overflow the date of expiration field, potentially causing system compromise or data leakage.
Conceptual Example Code
An example of how the vulnerability might be exploited is demonstrated below. This is a conceptual representation and may not work in an actual scenario without modifications.
POST /RMC-100/config HTTP/1.1
Host: target.example.com
Content-Type: application/json
{
"date_of_expiration": "2025-12-31" + "A"*5000
}This HTTP request sends a JSON object with the date_of_expiration field purposely oversize to overflow the buffer. This overflow can cause unexpected behavior in the system, leading to potential system compromise or data leakage.
