CVE-2025-13845

Summary

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Build RapsodyFR v2.8.1.0300 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyESP v2.8.5.0200 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyPT v2.8.7.0100 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyBEL (FR) v2.8.8.0100 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyBEL (EN) v2.8.3.0100 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyINT (EN) v2.8.4.0300 and prioraffected
Schneider ElectricEcoStruxure Power Build RapsodyNL v2.8.2.0000 and prioraffected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References