CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.3 LOW
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
schneiderCNA
2.3 LOW
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-04.pdf