CVE-2025-2002 MEDIUM

CVE-2025-2002

Vendor Schneider Electric
Product EcoStruxure Panel Server
Weakness CWE-532 · Sensitive info in logs
Published March 12, 2025
Last update May 12, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.

Key dates

02Disclosure timeline

March 12, 2025 CVE published
May 12, 2025 Record updated