CVE-2025-7746 MEDIUM

CVE-2025-7746

Vendor Schneider Electric
Product ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives
Weakness CWE-79 · XSS
Published September 9, 2025
Last update November 3, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
November 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24156 Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting CVE-2025-23688 WordPress Cobwebo URL Plugin plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation CVE-2024-47002 CVE-2025-0599 Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x