Home

Description

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

PUBLISHED Reserved 2025-05-20 | Published 2025-11-03 | Updated 2025-11-04 | Assigner Eaton




HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

Any version
affected

Credits

Lang Khuong Duy (JuyLang) - Viettel IDC finder

References

www.eaton.com/...ity/security-bulletins/etn-va-2025-1021.pdf

cve.org (CVE-2025-48396)

nvd.nist.gov (CVE-2025-48396)

Download JSON