Bypass Authentication Flaw in SEL BIOS Packages
CVE-2025-46750

4.4MEDIUM

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-3350-1; Sel-3355-2; Sel-3360-2
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-46750?

Certain SEL BIOS packages prior to version 1.3.49152.117 and 2.6.49152.98 exhibit a significant vulnerability that permits local attackers to circumvent password authentication and modify protected BIOS settings. This can occur through the importation of a BIOS settings file that lacks password protection, enabling unauthorized access to sensitive configurations.

Affected Version(s)

SEL-3350-1 0 < 1.3.49152.117

SEL-3355-2 0 < 2.6.49152.98

SEL-3360-2 0 < 2.6.49152.98

References

https://selinc.com/products/software/latest-software-vers...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Apr 28, 2025

Schweitzer Engineering Laboratories

What is CVE-2025-46750?

Affected Version(s)

References

CVSS V3.1

Timeline