CVE-2025-54924 — Server-Side Request Forgery in Electric Ecostruxure Power Monitoring Expert

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 76.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider Electric Ecostruxure Power Operation Advanced Reporting AND Dashboards Module

Timeline

PublishedAug 20

Description

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expert4 versions+3

▶CVEListV5schneider_electric/ecostruxure_power_operation_advanced_reporting_and_dashboards_moduleVersion 2022 w/ Advanced Reporting Module, Version 2024 w/ Advanced Reporting Module+1

🔴Vulnerability Details

CVEList

CVE-2025-54924: CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a speci↗2025-08-20

▶

GHSA

GHSA-v5qc-4rxp-7vrf: CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a speci↗2025-08-20

▶