VYPR

AES

by Altium

CVEs (5)

  • CVE-2025-13051CriNov 19, 2025
    risk 0.60cvss epss 0.00

    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account,…

  • CVE-2025-8070CriJul 23, 2025
    risk 0.60cvss epss 0.00

    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with…

  • CVE-2025-27380Jan 22, 2026
    risk 0.00cvss epss 0.00

    HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

  • CVE-2025-27379Jan 22, 2026
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.

  • CVE-2025-27378Jan 22, 2026
    risk 0.00cvss epss 0.00

    AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL…