PatchSiren cyber security CVE debrief
CVE-2025-13845 Schneider Electric CVE debrief
CVE-2025-13845 is a use-after-free vulnerability in Schneider Electric EcoStruxure Power Build Rapsody software. The advisory says a malicious SSD project file can trigger remote code execution when an end user imports it into Rapsody. The original advisory was published on 2026-01-13 and later updated on 2026-03-17, with vendor fixes available for multiple regional builds.
- Vendor: Schneider Electric
- Product: EcoStruxure Power Build Rapsody software
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-03-17
- Advisory published: 2026-01-13
- Advisory updated: 2026-03-17
Who should care
Organizations that use EcoStruxure Power Build Rapsody, especially engineering, operations, and maintenance teams that import SSD project files from external or untrusted sources. Security teams supporting industrial/control-system environments should also prioritize review because the issue can lead to code execution in a product used for power build workflows.
Technical summary
The advisory describes a use-after-free condition in EcoStruxure Power Build Rapsody. Exploitation requires user interaction: an end user must import a malicious SSD project file. The stated impact is remote code execution. The source advisory reports a CVSS v4.0 base score of 8.4 (High), and the CSAF metadata also contains a CVSS v3.1 vector, so readers should rely on the vendor/CISA advisory for the authoritative scoring context.
Defensive priority
High. The vulnerability can lead to code execution through a crafted project file, and the vendor has already published fixed versions. Prioritize patching systems that open SSD files or handle externally sourced project data.
Recommended defensive actions
- Upgrade to a fixed Rapsody release for your region: FR V2.8.1.0401, ESP V2.8.5.0301, PT V2.8.7.0101, INT(EN) V2.8.4.0401, or NL V2.8.2.000.
- For Belgium deployments, use BEL(NL) V2.8.3.0201 or BEL(FR) V2.8.8.0201 and contact the Schneider Electric Customer Care Center if needed.
- Restart the service after installing the updated version.
- Until remediation is complete, only open SSD project files from trusted sources.
- Scan externally created project files for malware before opening them.
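As an added illustration of the upgrade step (this script is not part of the advisory or of Schneider Electric's tooling), the following Python check compares each Rapsody install's regional build against the fixed release listed above. It assumes an inventory export of hostname, region code and version string; the host entries below are constructed, and the fixed version per region is taken from the list above.

```python
"""Flag EcoStruxure Power Build Rapsody installs below the fixed release for their regional build."""
from __future__ import annotations

# Fixed releases per regional build, as listed in the CVE-2025-13845 debrief above.
# The third component differs per region, so a version must only be compared
# against the fixed release for its own region, never against another region's.
FIXED_VERSIONS = {
    "FR": "2.8.1.0401",
    "ESP": "2.8.5.0301",
    "PT": "2.8.7.0101",
    "INT(EN)": "2.8.4.0401",
    "NL": "2.8.2.000",
    "BEL(NL)": "2.8.3.0201",
    "BEL(FR)": "2.8.8.0201",
}

def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'V2.8.1.0401' (or '2.8.1.401') into a comparable integer tuple.
    Numeric comparison ignores zero padding, so '0401' and '401' are equal."""
    cleaned = text.strip().upper().lstrip("V")
    if not cleaned:
        raise ValueError(f"empty version string: {text!r}")
    return tuple(int(part) for part in cleaned.split("."))

def is_fixed(region: str, version: str) -> bool:
    """True if this regional build is at or above its fixed release.
    Unknown regions raise so they are triaged by hand rather than silently passed."""
    try:
        fixed = FIXED_VERSIONS[region.upper()]
    except KeyError:
        raise ValueError(f"no fixed release known for region {region!r}") from None
    return parse_version(version) >= parse_version(fixed)

def triage(inventory: list[dict]) -> list[dict]:
    """Return the inventory entries still exposed, with the target release attached."""
    exposed = []
    for host in inventory:
        if not is_fixed(host["region"], host["version"]):
            exposed.append({**host, "upgrade_to": FIXED_VERSIONS[host["region"].upper()]})
    return exposed

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = [
    {"host": "eng-ws-01", "region": "FR", "version": "V2.8.1.0300"},
    {"host": "eng-ws-02", "region": "FR", "version": "V2.8.1.0401"},
    {"host": "site-be-07", "region": "BEL(NL)", "version": "V2.8.3.0105"},
    {"host": "nl-maint-03", "region": "NL", "version": "V2.8.2.000"},
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_INVENTORY):
        print(f"{entry['host']}: {entry['region']} {entry['version']} -> upgrade to V{entry['upgrade_to']}")
```

Hosts whose region code is not in the table raise rather than pass, which is the safer outcome for an unusual build such as a privately communicated Belgium fix.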
Evidence notes
The description and remediations come from the CISA CSAF advisory for ICSA-26-015-10 and the Schneider Electric security notice referenced by that advisory. The advisory revision history in the supplied corpus shows the initial release on 2026-01-13, a republication on 2026-01-14, another update on 2026-03-10, and Update A on 2026-03-17. The supplied materials also note that the Belgium fix link was removed from the public advisory and that some Belgium fix details were privately communicated to impacted users.
Official resources
- CVE-2025-13845 CVE record (CVE.org)
- CVE-2025-13845 NVD detail (NVD)
- Source item URL: cisa_csaf
Publicly disclosed in the vendor and CISA advisories on 2026-01-13, with subsequent advisory updates on 2026-01-14, 2026-03-10, and 2026-03-17.