CVE-2025-13845 — Use After Free in Electric Ecostruxure Power Build Rapsody

CWE-416 — Use After Free3 documents3 sources

Severity

8.4HIGHNVD

EPSS

0.0%

top 89.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Build Rapsody

Timeline

PublishedJan 15

Description

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5schneider_electric/ecostruxure_power_build_rapsody7 versions+6

🔴Vulnerability Details

GHSA

GHSA-q993-4v6g-m56m: CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Raps↗2026-01-15

▶

CVEList

CVE-2025-13845: CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Raps↗2026-01-15

▶