VYPR

SEVD-2025-224-01

by Schneider Electric

CVEs (6)

  • CVE-2025-54923HigAug 20, 2025
    risk 0.57cvss epss 0.01

    CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

  • CVE-2025-54925HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

  • CVE-2025-54926HigAug 20, 2025
    risk 0.47cvss 7.2epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.

  • CVE-2025-5296HigAug 18, 2025
    risk 0.47cvss 7.3epss 0.00

    CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system…

  • CVE-2025-8453MedAug 20, 2025
    risk 0.44cvss 6.7epss 0.00

    CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts.

  • CVE-2025-54927MedAug 20, 2025
    risk 0.32cvss 4.9epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.