Improper Input Validation in Network-M2 Card by Eaton
CVE-2025-22495

8.4HIGH

Key Information:

Vendor: Eaton
Status: Network M2
Vendor: CVE Published:; 24 February 2025

What is CVE-2025-22495?

An improper input validation flaw was identified in the configuration field of Eaton's Network-M2 card, which allows authenticated high privileged users to execute arbitrary commands. This vulnerability poses significant security risks, especially in systems relying on the Network-M2 card, which is now end-of-life as of early 2024. Users are encouraged to upgrade to the Network-M3 model, which serves as a robust replacement for the vulnerable product.

Affected Version(s)

Network M2 0 < 3.0.4

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

https://www.eaton.com/content/dam/eaton/products/backup-p...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Jan 7, 2025