CVE-2025-13845_CVE-2025-13845

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

Basic Information

ID CVE-2025-13845

Source schneider

Published Jan 15, 2026 at 18:33

Affected Product

Vendor Schneider Electric

Product EcoStruxure Power Build Rapsody

Version FR v2.8.1.0300 and prior

Affected Versions Schneider Electric EcoStruxure Power Build Rapsody FR v2.8.1.0300 and prior
Schneider Electric EcoStruxure Power Build Rapsody ESP v2.8.5.0200 and prior
Schneider Electric EcoStruxure Power Build Rapsody PT v2.8.7.0100 and prior
Schneider Electric EcoStruxure Power Build Rapsody BEL (FR) v2.8.8.0100 and prior
Schneider Electric EcoStruxure Power Build Rapsody BEL (EN) v2.8.3.0100 and prior
Schneider Electric EcoStruxure Power Build Rapsody INT (EN) v2.8.4.0300 and prior
Schneider Electric EcoStruxure Power Build Rapsody NL v2.8.2.0000 and prior

CWE Classification

CWE-416

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.",
    "published": "2026-01-15T18:33:23.235Z",
    "modified": "2026-01-15T18:33:23.235Z",
    "type": "cve",
    "title": "CVE-2025-13845",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-04.pdf",
    "id": "CVE-2025-13845",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric EcoStruxure Power Build Rapsody FR v2.8.1.0300 and prior\nSchneider Electric EcoStruxure Power Build Rapsody ESP v2.8.5.0200 and prior\nSchneider Electric EcoStruxure Power Build Rapsody PT v2.8.7.0100 and prior\nSchneider Electric EcoStruxure Power Build Rapsody BEL (FR) v2.8.8.0100 and prior\nSchneider Electric EcoStruxure Power Build Rapsody BEL (EN) v2.8.3.0100 and prior\nSchneider Electric EcoStruxure Power Build Rapsody INT (EN) v2.8.4.0300 and prior\nSchneider Electric EcoStruxure Power Build Rapsody NL v2.8.2.0000 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EcoStruxure Power Build Rapsody",
    "version": "FR v2.8.1.0300 and prior",
    "vendor": "Schneider Electric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}