High severity8.3NVD Advisory· Published Nov 3, 2025· Updated Apr 15, 2026

CVE-2025-48396

Description

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1021.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000