CVE-2025-48396 HIGH

CVE-2025-48396

Vendor Eaton
Product Eaton Brightlayer Software Suite (BLSS)
Weakness CWE-434 · Unrestricted file upload
Published November 3, 2025
Last update November 4, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

Key dates

02Disclosure timeline

November 3, 2025 CVE published
November 4, 2025 Record updated

Related vulnerabilities

04Related CVE