CVE-2025-8448 | THREATINT

Description

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-20 | Updated 2025-09-09 | Assigner schneider

LOW: 1.0CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

All 7.x versions before 7.0.2.348

affected

All 6.x versions before 6.0.4.10001 (CP8)

affected

All 5.x versions before 5.0.3.17009 (CP16)

affected

Default status

unaffected

All 7.x versions before 7.0.2.348

affected

All 6.x versions before 6.0.4.10001 (CP8)

affected

All 5.x versions before 5.0.3.17009 (CP16)

affected

Default status

unaffected

All 7.x versions before 7.0.2.348

affected

All 6.x versions before 6.0.4.10001 (CP8)

affected

All 5.x versions before 5.0.3.17009 (CP16)

affected

References

download.schneider-electric.com/...Name=SEVD-2025-224-04.pdf

cve.org (CVE-2025-8448)

nvd.nist.gov (CVE-2025-8448)

Download JSON