CVE-2025-8449 | THREATINT

Description

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.

PUBLISHED Reserved 2025-07-31 | Published 2025-08-20 | Updated 2025-09-09 | Assigner schneider

MEDIUM: 4.1CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status

unaffected

All 7.x versions before 7.0.2.348

affected

All 6.x versions before 6.0.4.10001 (CP8)

unaffected

All 5.x versions before 5.0.3.17009 (CP16)

affected

Default status

unaffected

All 7.x versions before 7.0.2.348

unaffected

All 6.x versions before 6.0.4.10001 (CP8)

affected

All 5.x versions before 5.0.3.17009 (CP16)

affected

Default status

unaffected

All 7.x versions before 7.0.2.348

affected

All 6.x versions before 6.0.4.10001 (CP8)

affected

All 5.x versions before 5.0.3.17009 (CP16)

affected

References

download.schneider-electric.com/...Name=SEVD-2025-224-04.pdf

cve.org (CVE-2025-8449)

nvd.nist.gov (CVE-2025-8449)

Download JSON