CVE-2025-13845
published 2026-01-15CVE-2025-13845: CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
high8.4CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.1.0300 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.2.0000 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.3.0100 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.4.0300 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.5.0200 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.7.0100 | — |
| schneider-electric | ecostruxure_power_build_rapsody | <= 2.8.8.0100 | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |
| schneider_electric | ecostruxure_power_build_rapsody | — | — |