PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-2222 Schneider Electric CVE debrief

CVE-2025-2222 is a CVSS 7.5 information-disclosure issue affecting Schneider Electric ConneXium Network Manager v2.0.01. The advisory describes a CWE-552 condition over HTTPS that could expose information and, in a man-in-the-middle scenario, create a path toward privilege escalation. Schneider Electric says the product is end-of-life, the webserver is disabled by default, and customers should apply the published mitigations and hardening guidance.

Vendor: Schneider Electric
Product: ConneXium Network Manager
CVSS: 7.5 (HIGH)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-08
Original CVE updated: 2025-04-08
Advisory published: 2025-04-08
Advisory updated: 2025-04-08

Who should care

Operators and administrators who still use Schneider Electric ConneXium Network Manager v2.0.01, especially in industrial or OT environments where the product may be reachable over HTTPS or exposed on enterprise networks. Network and security teams supporting deprecated OT software should also review the mitigation guidance.

Technical summary

The source advisory attributes the issue to CWE-552, Files or Directories Accessible to External Parties. Per the published description, files or directories exposed over HTTPS could leak information, and an attacker positioned for a man-in-the-middle attack could use that leak as a step toward privilege escalation. The only affected product listed in the CSAF advisory is Schneider Electric ConneXium Network Manager v2.0.01. Schneider Electric notes that the webserver is disabled by default and recommends keeping it disabled, together with workstation, network, and site-hardening measures. The product is also stated to be end-of-life, so no fixed version is offered.

Defensive priority

High for any environment that still has the affected product deployed, because the product is unsupported and the issue is network-reachable with high confidentiality impact. Priority is lower only if the product is not present or is fully isolated and the webserver is already disabled, but the end-of-life status still warrants replacement planning.

Recommended defensive actions

  • Confirm whether Schneider Electric ConneXium Network Manager v2.0.01 is deployed anywhere in your environment.
  • Disable the webserver if it is enabled; Schneider Electric states it is disabled by default.
  • Apply Schneider Electric's recommended workstation, network, and site-hardening guidance from the published security notice.
  • Treat the product as end-of-life and begin migration or replacement planning.
  • Review exposure of any HTTPS service associated with the product and limit access to trusted management networks only.
  • Monitor the CISA and Schneider Electric advisories for any updated guidance.
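The first, second and fourth actions above reduce to a triage rule: an affected host is high priority unless it is both isolated to a trusted management network and has the webserver disabled. The script below applies that rule to an asset inventory. It is an added example for this debrief, not PatchSiren tooling or Schneider Electric guidance; the inventory records, their field names, the host names and the management network are constructed assumptions, and the product/version strings are the only facts taken from the advisory.

```python
"""Triage an asset inventory against the CVE-2025-2222 advisory facts.

Added example for this debrief; it is not PatchSiren's tooling or
Schneider Electric's guidance. The inventory records, field names and
the management network below are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass, field

# Facts taken from the advisory as summarised on this page.
AFFECTED_PRODUCT = "ConneXium Network Manager"
AFFECTED_VERSION = "2.0.01"

# Hypothetical trusted management network; replace with your own.
MANAGEMENT_NETS = [ipaddress.ip_network("10.10.50.0/24")]


@dataclass
class Finding:
    host: str
    priority: str            # "high", "lower" or "none"
    reasons: list = field(default_factory=list)


def version_tuple(version: str):
    """Normalise '2.0.01', 'v2.0.1' and '2.0.1' to the same numeric tuple.
    Returns None for strings that are not dotted integers."""
    try:
        return tuple(int(p) for p in version.strip().lstrip("vV").split("."))
    except ValueError:
        return None


def is_affected(product: str, version: str) -> bool:
    """True only for the single product/version the advisory lists."""
    return (product.strip().lower() == AFFECTED_PRODUCT.lower()
            and version_tuple(version) == version_tuple(AFFECTED_VERSION))


def in_management_net(ip: str, nets) -> bool:
    """True if the address falls inside one of the trusted management networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def triage(record: dict, nets=MANAGEMENT_NETS) -> Finding:
    """Apply the page's priority rule: high unless the host is both
    isolated to management networks and has the webserver disabled."""
    if not is_affected(record["product"], record["version"]):
        return Finding(record["host"], "none", ["not the advisory's product/version"])

    reasons = ["end-of-life product: plan migration or replacement"]
    if record["webserver_enabled"]:
        reasons.append("webserver enabled: disable it (vendor default is disabled)")
    outside = [ip for ip in record["reachable_from"] if not in_management_net(ip, nets)]
    if outside:
        reasons.append("HTTPS reachable from outside management networks: " + ", ".join(outside))

    priority = "high" if record["webserver_enabled"] or outside else "lower"
    return Finding(record["host"], priority, reasons)


def triage_inventory(inventory, nets=MANAGEMENT_NETS):
    """Triage every record; order of findings matches the inventory."""
    return [triage(r, nets) for r in inventory]


# Constructed sample inventory (hypothetical hosts and addresses).
INVENTORY = [
    {"host": "cnm-eng-01", "product": "ConneXium Network Manager", "version": "2.0.01",
     "webserver_enabled": True,  "reachable_from": ["10.10.50.12"]},
    {"host": "cnm-eng-02", "product": "ConneXium Network Manager", "version": "2.0.01",
     "webserver_enabled": False, "reachable_from": ["10.10.50.12"]},
    {"host": "hmi-03",     "product": "Other HMI Suite",           "version": "1.4.0",
     "webserver_enabled": True,  "reachable_from": ["192.168.1.40"]},
    {"host": "cnm-eng-04", "product": "ConneXium Network Manager", "version": "v2.0.1",
     "webserver_enabled": False, "reachable_from": ["192.168.1.40"]},
]

if __name__ == "__main__":
    for f in triage_inventory(INVENTORY):
        print(f"{f.host}: {f.priority.upper()} - " + "; ".join(f.reasons))
```

The version comparison is numeric rather than a string match so that an inventory that records "2.0.1" still matches the advisory's "v2.0.01"; anything outside that single version is reported as not affected, because the source lists no other affected versions. The "reachable_from" field stands in for whatever your own firewall or flow data says can reach the host's HTTPS service.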

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-107-03 and Schneider Electric's security notice SEVD-2025-098-01, both published on 2025-04-08. The source corpus identifies one affected product, Schneider Electric ConneXium Network Manager v2.0.01, and provides the mitigation guidance noted above. No KEV listing was provided in the source corpus.

Official resources

CVE-2025-2222 was publicly disclosed on 2025-04-08 through CISA advisory ICSA-25-107-03 and Schneider Electric security notice SEVD-2025-098-01. The CVE was published and last modified on the same date in the provided timeline.