CVE-2025-8449

Published: Aug 20, 2025

Modified: Sep 9, 2025

PUBLISHED

Description

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.

Vendor	Product	Versions
Schnieder Electric	EcoStruxure Building Operation Enterprise Server	affected `All 7.x versions - < 7.0.2.348` unaffected `All 6.x versions - < 6.0.4.10001 (CP8)` affected `All 5.x versions - < 5.0.3.17009 (CP16)`
Schneider Electric	EcoStruxure Enterprise Server	unaffected `All 7.x versions - < 7.0.2.348` affected `All 6.x versions - < 6.0.4.10001 (CP8)` affected `All 5.x versions - < 5.0.3.17009 (CP16)`
Schneider Eelctric	EcoStruxure Building Operation Workstation	affected `All 7.x versions - < 7.0.2.348` affected `All 6.x versions - < 6.0.4.10001 (CP8)` affected `All 5.x versions - < 5.0.3.17009 (CP16)`

Weaknesses (CWE)

CWE-400

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-04.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-8449

Description

Affected Products

Weaknesses (CWE)

References