CVE-2025-54923 — Deserialization of Untrusted Data in Electric Ecostruxure Power Monitoring Expert

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.7HIGHNVD

EPSS

1.4%

top 19.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider Electric Ecostruxure Power Operation Advanced Reporting AND Dashboards Module

Timeline

PublishedAug 20

Description

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expert4 versions+3

▶CVEListV5schneider_electric/ecostruxure_power_operation_advanced_reporting_and_dashboards_moduleVersion 2022 w/ Advanced Reporting Module, Version 2024 w/ Advanced Reporting Module+1

🔴Vulnerability Details

CVEList

CVE-2025-54923: CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authent↗2025-08-20

▶

GHSA

GHSA-mxxc-fc9q-89hw: CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authent↗2025-08-20

▶