CVE-2025-6788 — Resource Exposure in Electric Ecostruxure Power Monitoring Expert

CWE-668 — Resource Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 74.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider Electric Ecostruxure Power Operation Advanced Reporting AND Dashboards Module

Timeline

PublishedJul 11

Description

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expert2023 — All+3

▶CVEListV5schneider_electric/ecostruxure_power_operation_advanced_reporting_and_dashboards_module2022 w/ Advanced Reporting Module — All+1

🔴Vulnerability Details

CVEList

CVE-2025-6788: A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other↗2025-07-11

▶

GHSA

GHSA-q2rf-262f-hfr2: CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other au↗2025-07-11

▶