Information Leak and Privilege Escalation in Schneider Electric Products
CVE-2025-2222

8.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Connexium Network Manager
Vendor: CVE Published:; 9 April 2025

Summary

A vulnerability exists in Schneider Electric products that allows files or directories to be accessible to external parties via HTTPS. This flaw could lead to unintended information exposure, as a local or remote attacker could exploit it, especially during a man-in-the-middle attack. The result may also include privilege escalation, enabling unauthorized users to gain elevated access within the affected systems.

Affected Version(s)

ConneXium Network Manager Version V2.0.01

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 11, 2025