CVE-2025-13844

🗓️ 15 Jan 2026 18:28:37Reported by schneiderType

CVE-2025-13844: double free causes heap corruption when importing a malicious file into Rapsody.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-13844	15 Jan 202618:28	–	attackerkb
Circl	CVE-2025-13844	15 Jan 202620:02	–	circl
CNNVD	Schneider Electric EcoStruxure Power Build Rapsody resource management error vulnerability	15 Jan 202600:00	–	cnnvd
CVE	CVE-2025-13844	15 Jan 202618:28	–	cve
EUVD	EUVD-2026-2720	15 Jan 202618:28	–	euvd
NVD	CVE-2025-13844	15 Jan 202619:16	–	nvd
Positive Technologies	PT-2026-3086	15 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-13844	16 Jan 202619:25	–	redhatcve
Vulnrichment	CVE-2025-13844	15 Jan 202618:28	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Build Rapsody",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "FR v2.8.1 and prior"
      },
      {
        "status": "affected",
        "version": "INT v2.8.6 and prior"
      },
      {
        "status": "affected",
        "version": "ES v2.8.5 and prior"
      },
      {
        "status": "affected",
        "version": "BEL (NL) v2.8.3 and prior"
      },
      {
        "status": "affected",
        "version": "BEL (FR) v2.8.8 and prior"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

15 Jan 2026 18:28Current

CVSS 48.4

EPSS0.00008

CWE-415