CVE-2025-13844

CWE-4153 documents3 sources

Severity

8.4HIGH

EPSS

0.0%

top 99.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Power Build - Rapsody Schneider Electric Ecostruxure Power Build Rapsody

Timeline

PublishedJan 15

Description

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages2 packages

▶NVDschneider-electric/ecostruxure_power_build_-_rapsody2.8.1+4

▶CVEListV5schneider_electric/ecostruxure_power_build_rapsody5 versions+4

🔴Vulnerability Details

GHSA

GHSA-r2h5-jh8m-2q64: CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared↗2026-01-15

▶

CVEList

CVE-2025-13844: CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared↗2026-01-15

▶