CVE-2025-5296 HIGH

CVE-2025-5296

Vendor Schneider Electric
Product SESU
Weakness CWE-59
Published August 18, 2025
Last update August 18, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.

Key dates

02Disclosure timeline

August 18, 2025 CVE published
August 18, 2025 Record updated