CVE-2025-6625
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-08-18
Assigner: Schneider Electric SE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | bmxnor0200h | * |
| schneider_electric | bmxnoe0110 | * |
| schneider_electric | bmxngd0100 | * |
| schneider_electric | modicon_m340 | * |
| schneider_electric | bmxnoe0100 | * |
| schneider_electric | bmxnoc0401 | * |
| schneider_electric | bmxnoe0100 | <3.60 |
| schneider_electric | bmxnoe0110 | <6.80 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue (CWE-20) in which a device does not correctly validate input from FTP commands. When a specially crafted FTP command is sent to the device, it can cause a denial of service (DoS), making the device unavailable or unresponsive.
How can this vulnerability impact me?
The impact of this vulnerability is a denial-of-service condition: an attacker can send a crafted FTP command to the device and cause it to become unavailable or stop functioning properly. This can disrupt services and operations that rely on the affected device.