CVE-2025-7746

Published: Sep 9, 2025

Modified: Nov 3, 2025

PUBLISHED

Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

Vendor	Product	Versions
Schneider Electric	ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives	affected `all versions`
Schneider Electric	ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives	affected `all versions`
Schneider Electric	ILC992 InterLink Converter	affected `all versions`
Schneider Electric	ATV340E Altivar Machine Drives	affected `all versions`
Schneider Electric	ATV6000 Medium Voltage Altivar Process Drives	affected `all versions`
Schneider Electric	ATS490 Altivar Soft Starter	affected `all versions`
Schneider Electric	VW3A3720 & VW3A3721 Altivar Process Communication Modules	affected `all versions`
Schneider Electric	VW3A3530D: ATVdPAC module	affected `all versions - < v25.0`

Weaknesses (CWE)

CWE-79

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-7746

Description

Affected Products

Weaknesses (CWE)

References