CVE-2025-54925

Summary

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2022affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2023affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024 R2affected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2022 w/ Advanced Reporting Moduleaffected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2024 w/ Advanced Reporting Moduleaffected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References