CVE-2025-54926

Summary

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2022affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2023affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024affected
Schneider ElectricEcoStruxure™ Power Monitoring Expert (PME)Version 2024 R2affected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2022 w/ Advanced Reporting Moduleaffected
Schneider ElectricEcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2024 w/ Advanced Reporting Moduleaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References