CVE-2025-2441 MEDIUM

CVE-2025-2441

Vendor Schneider Electric
Product Trio Q Licensed Data Radio
Weakness CWE-1188
Published April 9, 2025
Last update April 9, 2025

CVSS base score

4.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data.

Key dates

02Disclosure timeline

April 9, 2025 CVE published
April 9, 2025 Record updated