CVE-2025-14773

Name of the Vulnerable Software and Affected Versions ABB T-MAC Plus version 4.0-24 Firebox (affected versions not specified)

Description ABB T-MAC Plus is affected by improper neutralization of input during web page generation, which leads to cross-site scripting (XSS), a condition where malicious scripts are injected into trusted websites.

Firebox appliances contain a critical issue in the IKEv2 VPN service. Threat actors are actively exploiting this as part of a broad attack campaign targeting edge networking equipment and exposed infrastructure across multiple vendors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Update Firebox appliances to Fireware 2025.1.4 or higher, Fireware v12.11.6 or higher, Fireware v12.5.15 or higher, or Fireware v12.3.1 Update 4 or higher.