Improper Input Validation in Schneider Electric's Web Server Product
CVE-2025-3898

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon Controllers M241/m251; Modicon Controllers M262
Vendor: CVE Published:; 10 June 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-3898?

An improper input validation vulnerability exists in Schneider Electric's web server, where an authenticated malicious user could exploit the server by sending an HTTPS request containing invalid data types. This could lead to a Denial of Service, compromising the server's functionality and service availability. Implementing robust input validation measures is critical to mitigate these risks and ensure system integrity.

Affected Version(s)

Modicon Controllers M241/M251 Versions prior to 5.3.12.51

Modicon Controllers M262 Versions prior to 5.3.9.18

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 23, 2025