CVE-2025-6625 HIGH

CVE-2025-6625

Vendor Schneider Electric

Product Modicon M340

Weakness CWE-20 · Input validation

Published August 18, 2025

Last update August 18, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

Key dates

02Disclosure timeline

August 18, 2025 CVE published

August 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6625

Related vulnerabilities

Identifiers

CVE CVE-2025-6625

CWE CWE-20

CVSS 8.7 / HIGH

Affected versions

Vendor Schneider Electric

Product Modicon M340

Affected All versions

Vendor Schneider Electric

Product BMXNOR0200H: Ethernet / Serial RTU Module

Affected All versions

Vendor Schneider Electric

Product BMXNGD0100: M580 Global Data module

Affected All versions

Vendor Schneider Electric

Product BMXNOC0401: Modicon M340 X80 Ethernet Communication modules

Affected All versions

Vendor Schneider Electric

Product BMXNOE0100: Modbus/TCP Ethernet Modicon M340 module

Affected Versions prior to 3.60

Vendor Schneider Electric

Product BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast module

Affected Versions prior to 6.80

CVE-2025-6625

01Description

02Disclosure timeline

03References

04Related CVE