CVE-2025-54927_CVE-2025-54927

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.

Basic Information

ID CVE-2025-54927

Source schneider

Published Aug 20, 2025 at 13:51

Affected Product

Vendor Schneider Electric

Product EcoStruxure™ Power Monitoring Expert (PME)

Version Version 2022

Affected Versions Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) Version 2022
Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) Version 2023
Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) Version 2024
Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) Version 2024 R2
Schneider Electric EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module Version 2022 w/ Advanced Reporting Module
Schneider Electric EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module Version 2024 w/ Advanced Reporting Module

CWE Classification

CWE-22

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.",
    "published": "2025-08-20T13:51:04.959Z",
    "modified": "2025-08-20T13:51:04.959Z",
    "type": "cve",
    "title": "CVE-2025-54927",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf",
    "id": "CVE-2025-54927",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric EcoStruxure\u2122 Power Monitoring Expert (PME) Version 2022\nSchneider Electric EcoStruxure\u2122 Power Monitoring Expert (PME) Version 2023\nSchneider Electric EcoStruxure\u2122 Power Monitoring Expert (PME) Version 2024\nSchneider Electric EcoStruxure\u2122 Power Monitoring Expert (PME) Version 2024 R2\nSchneider Electric EcoStruxure\u2122 Power Operation (EPO) Advanced Reporting and Dashboards Module Version 2022 w/ Advanced Reporting Module\nSchneider Electric EcoStruxure\u2122 Power Operation (EPO) Advanced Reporting and Dashboards Module Version 2024 w/ Advanced Reporting Module",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EcoStruxure\u2122 Power Monitoring Expert (PME)",
    "version": "Version 2022",
    "vendor": "Schneider Electric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}