CVE-2025-54923

🗓️ 20 Aug 2025 13:30:04Reported by schneiderType

CVE-2025-54923: Untrusted data deserialization enables remote code execution by authenticated users.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-54923	12 Aug 202503:00	–	circl
CNNVD	Schneider Electric EcoStruxure Power Monitoring Expert和EcoStruxure Power Operation AdvancedReporting and Dashboards Module 代码问题漏洞	20 Aug 202500:00	–	cnnvd
CVE	CVE-2025-54923	20 Aug 202513:30	–	cve
EUVD	EUVD-2025-25294	3 Oct 202520:07	–	euvd
NVD	CVE-2025-54923	20 Aug 202514:15	–	nvd
Positive Technologies	PT-2025-32890 · Schneider Electric · Ecostruxure Power Monitoring Expert	12 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-54923	22 Aug 202514:31	–	redhatcve
Vulnrichment	CVE-2025-54923	20 Aug 202513:30	–	vulnrichment
Zero Day Initiative	(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability	12 Aug 202500:00	–	zdi

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Power Monitoring Expert (PME)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version 2022"
      },
      {
        "status": "affected",
        "version": "Version 2023"
      },
      {
        "status": "affected",
        "version": "Version 2024"
      },
      {
        "status": "affected",
        "version": "Version 2024 R2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version 2022 w/ Advanced Reporting Module"
      },
      {
        "status": "affected",
        "version": "Version 2024 w/ Advanced Reporting Module"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

20 Aug 2025 13:44Current

CVSS 48.7

EPSS0.01934

CWE-502