CVE-2025-7746
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-11-03

Assigner: Schneider Electric SE

Description
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7746
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
schneider_electric atv9a0 *
schneider_electric atv650 *
schneider_electric atv991 *
schneider_electric atv6000 *
schneider_electric atv992 *
schneider_electric ats490 *
schneider_electric atv960 *
schneider_electric atv980 *
schneider_electric atvdpac_module *
schneider_electric atv950 *
schneider_electric atv340e *
schneider_electric atv9l0 *
schneider_electric vw3a3720 *
schneider_electric atv660 *
schneider_electric atv9b0 *
schneider_electric atv993 *
schneider_electric atv630 *
schneider_electric atv930 *
schneider_electric atv680 *
schneider_electric ilc992 *
schneider_electric vw3a3721 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-site Scripting (XSS) issue where improper neutralization of input during web page generation allows unvalidated data injected by a malicious user to potentially modify or read data in a victim's browser.

Impact Analysis

This vulnerability can allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized reading or modification of data in the victim's browser, which can compromise user data and session integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7746. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart