
Description

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented, potentially allowing an attacker to perform a man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU, which is available on the Eaton download center.

PUBLISHED Reserved 2025-05-20 | Published 2025-08-06 | Updated 2026-02-09 | Assigner Eaton




MEDIUM: 5.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status
unaffected

Any version before 3.5.0
affected

Credits

Harry Sintonen reporter

References

www.eaton.com/...ity/security-bulletins/etn-va-2025-1002.pdf

cve.org (CVE-2025-48393)

nvd.nist.gov (CVE-2025-48393)
