CVE-2025-54926 — Path Traversal in Electric Ecostruxure Power Monitoring Expert

CWE-22 — Path Traversal3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.7%

top 27.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider Electric Ecostruxure Power Operation Advanced Reporting AND Dashboards Module

Timeline

PublishedAug 20

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expert4 versions+3

▶CVEListV5schneider_electric/ecostruxure_power_operation_advanced_reporting_and_dashboards_moduleVersion 2022 w/ Advanced Reporting Module, Version 2024 w/ Advanced Reporting Module+1

🔴Vulnerability Details

CVEList

CVE-2025-54926: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution whe↗2025-08-20

▶

GHSA

GHSA-9q86-673r-39p8: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution whe↗2025-08-20

▶