CVE-2025-8448_CVE-2025-8448

2.3 / 10

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Description

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.

Basic Information

ID CVE-2025-8448

Source schneider

Published Aug 20, 2025 at 13:58

Affected Product

Vendor Schneider Eelctric

Product EcoStruxureTM Building Operation Enterprise Server

Version Versions prior to 7.0.1

Affected Versions Schneider Eelctric EcoStruxureTM Building Operation Enterprise Server Versions prior to 7.0.1
Schneider Electric EcoStruxureTM Enterprise Server Versions prior to 7.0.1
Schneider Eelctric EcoStruxureTM Workstation Versions prior to 7.0.1

CWE Classification

CWE-200

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.",
    "published": "2025-08-20T13:58:53.818Z",
    "modified": "2025-08-20T13:58:53.818Z",
    "type": "cve",
    "title": "CVE-2025-8448",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-04.pdf",
    "id": "CVE-2025-8448",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Schneider Eelctric EcoStruxureTM Building Operation Enterprise Server Versions prior to 7.0.1\nSchneider Electric EcoStruxureTM Enterprise Server Versions prior to 7.0.1\nSchneider Eelctric EcoStruxureTM Workstation Versions prior to 7.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EcoStruxureTM Building Operation Enterprise Server",
    "version": "Versions prior to 7.0.1",
    "vendor": "Schneider Eelctric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}