CVE-2025-13845

Published: Jan 15, 2026

Modified: Jan 15, 2026

PUBLISHED

Description

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

Vendor	Product	Versions
Schneider Electric	EcoStruxure Power Build Rapsody	affected `FR v2.8.1.0300 and prior` affected `ESP v2.8.5.0200 and prior` affected `PT v2.8.7.0100 and prior` affected `BEL (FR) v2.8.8.0100 and prior` affected `BEL (EN) v2.8.3.0100 and prior` +2 more versions

Weaknesses (CWE)

CWE-416

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-013-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-013-04.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-13845

Description

Affected Products

Weaknesses (CWE)

References