Arbitrary Code Execution in Eaton BLSS Due to File Upload Flaw
CVE-2025-48396

8.3HIGH

Key Information:

Vendor: Eaton
Status: Eaton Brightlayer Software Suite (blss)
Vendor: CVE Published:; 3 November 2025

What is CVE-2025-48396?

A vulnerability exists in Eaton's BLSS due to improper validation in the file upload feature, allowing attackers to execute arbitrary code on the system. This flaw could be exploited by uploading malicious files, leading to potential unauthorized access, data compromise, or full system takeover. It is crucial for users to implement security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Eaton Brightlayer Software Suite (BLSS) 0 <= 7.3.x

References

https://https://www.eaton.com/content/dam/eaton/company/n...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2025
Vulnerability Reserved
May 20, 2025

JSON