CVE-2025-48397 HIGH

CVE-2025-48397

Vendor Eaton
Product Eaton Brightlayer Software Suite (BLSS)
Weakness CWE-306 · Missing auth
Published November 3, 2025
Last update November 3, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

Key dates

02Disclosure timeline

November 3, 2025 CVE published
November 3, 2025 Record updated