CVE-2025-13844

Summary

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Build RapsodyFR v2.8.1 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyINT v2.8.6 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyES v2.8.5 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyBEL (NL) v2.8.3 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyBEL (FR) v2.8.8 and prioraffected

Weaknesses

  • CWE-415: CWE-415 Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References