CVE-2025-3898

Summary

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon Controllers M241/M251Versions prior to 5.3.12.51affected
Schneider ElectricModicon Controllers M262Versions prior to 5.3.9.18affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References