CVE-2025-54923

Summary

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2022affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2023affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024 R2affected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2022 w/ Advanced Reporting Moduleaffected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2024 w/ Advanced Reporting Moduleaffected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References