Multiple vulnerabilities in Schneider Electric ConneXium Network Manager

Published: 2025-04-22

Risk	High
Patch available	NO
Number of vulnerabilities	2
CVE-ID	CVE-2025-2222 CVE-2025-2223
CWE-ID	CWE-552 CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	ConneXium Network Manager Other software / Other software solutions
Vendor	Schneider Electric

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Files or Directories Accessible to External Parties

EUVDB-ID: #VU107698

Risk: High

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-2222

CWE-ID: CWE-552 - Files or Directories Accessible to External Parties

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the files or directories accessible to external parties. A remote attacker can gain access to sensitive information on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ConneXium Network Manager: 2.0.01

CPE2.3

cpe:2.3:a:schneider_electric:connexium_network_manager:2.0.01:*:*:*:*:*:*:*

External links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-01.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU107723

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-2223

CWE-ID: CWE-20 - Improper input validation