CVE-2025-54927 — Path Traversal in Electric Ecostruxure Power Monitoring Expert

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 76.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider Electric Ecostruxure Power Operation Advanced Reporting AND Dashboards Module

Timeline

PublishedAug 20

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expert4 versions+3

▶CVEListV5schneider_electric/ecostruxure_power_operation_advanced_reporting_and_dashboards_moduleVersion 2022 w/ Advanced Reporting Module, Version 2024 w/ Advanced Reporting Module+1

🔴Vulnerability Details

CVEList

CVE-2025-54927: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to se↗2025-08-20

▶

GHSA

GHSA-xg24-qhg2-gj63: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to se↗2025-08-20

▶