Threat Intelligence / CVE / CVE-2025-3450

CVE-2025-3450

CVSS 10 (CRITICAL) · EPSS 0.1% · Published 2025-10-07

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Weaknesses (CWE)

CWE-413

Threats tracking this CVE

ABB B&R Automation Runtime SDM CVE-2025-3450 — Unauthenticated Network DoS via Improper Resource Locking — CRITICAL

References

https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf

Full detection coverage & IOCs for threats exploiting CVE-2025-3450 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence