CORS Misconfiguration in SEL-5037 Grid Configurator by SEL
CVE-2025-46737

7.4HIGH

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-5037 Grid Configurator
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-46737?

The SEL-5037 Grid Configurator has a misconfigured Cross Origin Resource Sharing (CORS) setting that allows unnecessary access to its data gateway service. This API service lacks proper rejection mechanisms for requests from unauthorized sources, putting sensitive data at risk. It is crucial for users to review their configurations to enhance security.

Affected Version(s)

SEL-5037 Grid Configurator 0 < 6.4.0.58

References

https://selinc.com/products/software/latest-software-vers...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Apr 28, 2025

Schweitzer Engineering Laboratories

What is CVE-2025-46737?

Affected Version(s)

References

CVSS V3.1

Timeline