ABB's Busch-Welcome 2-wire door opener actuator contains a flaw that lets an attacker skip authentication when the device runs in its default compatibility mode.
The vulnerability, tracked as CVE-2025-7705, affects all versions of the Switch Actuator 4 DU and the door/light variant. Exploiting it requires only physical proximity to the control panel, after which the attacker can open doors or switch lights at will. ABB recommends toggling the mode switch from “Door-Open” to “Light” for one second, then back, followed by a full power cycle to force recalibration and remove the unsafe setting.
The issue matters because the actuators are installed worldwide in commercial facilities, often as part of critical-infrastructure access control. An unauthenticated breach can translate directly into unauthorized building entry, undermining physical security programs that assume the actuator is a trusted point.
In short, the fix is a quick on-site toggle and reboot, but operators should audit all Busch-Welcome units, apply the steps promptly, and consider network isolation to limit exposure.
