Vulnerability in Schneider Electric Ecostruxure™ Power Monitoring Expert
CVE-2025-6788
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
EPSS: 0.003 (18.6th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Ecostruxure™ Power Monitoring Expert — versions 2023, 2023 R2, 2024
- Schneider Electric Ecostruxure™ Power Operation Advanced Reporting And Dashboards Module — versions 2022 w/ Advanced Reporting Module, 2024 w/ Advanced Reporting Module