Improper Input Validation in Schneider Electric FTP Products
CVE-2025-6625

8.7HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340; Bmxnor0200h: Ethernet / Serial Rtu Module; Bmxngd0100: M580 Global Data Module; Bmxnoc0401: Modicon M340 X80 Ethernet Communication Modules
Vendor: CVE Published:; 18 August 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-6625?

An improper input validation vulnerability exists in Schneider Electric FTP products. This flaw can be exploited by sending a specially crafted FTP command to the affected devices, potentially resulting in a Denial of Service condition. Timely mitigation and secure configurations are essential to prevent exploitation and ensure system availability.

Affected Version(s)

BMXNGD0100: M580 Global Data module All versions

BMXNOC0401: Modicon M340 X80 Ethernet Communication modules All versions

BMXNOE0100: Modbus/TCP Ethernet Modicon M340 module Versions prior to 3.60

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Jun 25, 2025