CRITICAL
ASKI Energy
CVE published 2025-10-23
CVE-2025-9574
CVE-2025-9574 is a critical missing-authentication issue in the embedded web server used by ASKI Energy ALS-Mini-S4 and ALS-Mini-S8 IP controllers. According to CISA’s advisory, an attacker can read and modify product configuration parameters without logging in. ABB reports the affected products reached end of life in 2022, so no software fix is planned; defenders should focus on isolation, access restric [truncated]