CVE-2025-2875 | THREATINT

Description

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources.

PUBLISHED Reserved 2025-03-27 | Published 2025-05-14 | Updated 2025-05-14 | Assigner schneider

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

Product status

Default status

unaffected

Versions prior to v5.3.12.48

affected

Default status

unaffected

All versions

affected

References

download.schneider-electric.com/...Name=SEVD-2025-133-01.pdf

cve.org (CVE-2025-2875)

nvd.nist.gov (CVE-2025-2875)

Download JSON