CVE-2025-13844 | THREATINT

Description

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.

PUBLISHED Reserved 2025-12-01 | Published 2026-01-15 | Updated 2026-01-15 | Assigner schneider

HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-415 Double Free

Product status

Default status

unaffected

FR v2.8.1 and prior

affected

INT v2.8.6 and prior

affected

ES v2.8.5 and prior

affected

BEL (NL) v2.8.3 and prior

affected

BEL (FR) v2.8.8 and prior

affected

References

download.schneider-electric.com/...Name=SEVD-2026-013-04.pdf

cve.org (CVE-2025-13844)

nvd.nist.gov (CVE-2025-13844)

Download JSON