CVE-2025-8449
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-08-20

Assigner: Schneider Electric SE

Description
CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-08-20
Generated
2026-05-07
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8449
EUVD
EUVD-2025-25280
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
schneider_electric ecostruxure_building_operation 7.x
schneider_electric ecostruxure_building_operation 6.x
schneider_electric ecostruxure_building_operation 5.x
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an uncontrolled resource consumption issue (CWE-400) that can lead to a denial of service. It occurs when an authenticated user sends a specially crafted request to a specific endpoint within the BMS network, causing the system to consume excessive resources and potentially become unavailable.


How can this vulnerability impact me? :

The vulnerability can impact you by causing a denial of service condition within the BMS network. This means that legitimate users may be unable to access services or resources because the system is overwhelmed by the specially crafted requests, leading to potential downtime or disruption of operations.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart