Main Vulnerability Database Vulnerabilities #VU107645

Insecure Default Initialization of Resource in Trio Q Licensed Data Radio - CVE-2025-2441

Published: April 22, 2025

Vulnerability identifier: #VU107645

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-2441

CWE-ID: CWE-1188

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Trio Q Licensed Data Radio

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insecure default initialization of resource. An attacker with physical access can set the radio to factory default mode and cause the target product to not correctly initialize all data.

How to mitigate CVE-2025-2441

Install updates from vendor's website.

Sources

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-01

Insecure Default Initialization of Resource in Trio Q Licensed Data Radio - CVE-2025-2441

Detailed vulnerability description

How to mitigate CVE-2025-2441

Sources

Please verify you're human