Vulnerabilites related to Schneider Electric - SESU
var-201811-0562
Vulnerability from variot
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Schneider Electric Software Update (SESU) Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Software Update (SESU) is a Schneider software update tool from Schneider Electric of France. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0562",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "software update utility",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.0"
},
{
"model": "software update",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.2.0"
},
{
"model": "electric sesu",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.2.0"
},
{
"model": "software update utility",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.0.13"
},
{
"model": "software update utility",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "software update utility",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "sesu",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "sesu",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "sesu",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "update utility",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "BID",
"id": "105951"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:software_update_utility",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105951"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-45186",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-137831",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-7799",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7799",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7799",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-45186",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137831",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "VULHUB",
"id": "VHN-137831"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Schneider Electric Software Update (SESU) Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Software Update (SESU) is a Schneider software update tool from Schneider Electric of France. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "BID",
"id": "105951"
},
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "VULHUB",
"id": "VHN-137831"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7799",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-305-02",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-298-01",
"trust": 1.7
},
{
"db": "BID",
"id": "105951",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-45186",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-331-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686",
"trust": 0.8
},
{
"db": "IVD",
"id": "CCD6AC8F-D56B-4304-80F4-3C0885CD4A1C",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98848",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98862",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137831",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "VULHUB",
"id": "VHN-137831"
},
{
"db": "BID",
"id": "105951"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"id": "VAR-201811-0562",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "VULHUB",
"id": "VHN-137831"
}
],
"trust": 1.8166666500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
}
]
},
"last_update_date": "2024-11-23T22:58:49.414000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-298-01",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01/"
},
{
"title": "Patch for Schneider Electric Software Update DLL Hijacking Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/193953"
},
{
"title": "Schneider Electric Software Update Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86567"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137831"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-305-02"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-298-01/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/105951"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7799"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-331-01"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7799"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "VULHUB",
"id": "VHN-137831"
},
{
"db": "BID",
"id": "105951"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"db": "VULHUB",
"id": "VHN-137831"
},
{
"db": "BID",
"id": "105951"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"date": "2018-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137831"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105951"
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"date": "2018-11-02T17:29:00.773000",
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45186"
},
{
"date": "2018-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-137831"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105951"
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012686"
},
{
"date": "2018-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-021"
},
{
"date": "2024-11-21T04:12:45.457000",
"db": "NVD",
"id": "CVE-2018-7799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Software Update DLL Hijacking vulnerability",
"sources": [
{
"db": "IVD",
"id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
},
{
"db": "CNVD",
"id": "CNVD-2019-45186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-021"
}
],
"trust": 0.6
}
}
CVE-2025-5296 (GCVE-0-2025-5296)
Vulnerability from cvelistv5
Published
2025-08-18 07:22
Modified
2025-08-18 12:22
Severity ?
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause
arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file
corruption, exposure of application and system information or persistent denial of service when a low-privileged
attacker tampers with the installation folder.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | SESU |
Version: Versions prior to v3.0.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T12:22:15.242244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T12:22:22.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SESU",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v3.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder.\n\n\u003cbr\u003e"
}
],
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T07:22:05.013Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-224-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2025-5296",
"datePublished": "2025-08-18T07:22:05.013Z",
"dateReserved": "2025-05-28T06:06:42.804Z",
"dateUpdated": "2025-08-18T12:22:22.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}