PatchSiren cyber security CVE debrief
CVE-2025-3916 Schneider Electric CVE debrief
CVE-2025-3916 affects Schneider Electric EcoStruxure Power Build Rapsody and is described as a CWE-121 stack-based buffer overflow. According to the CISA CSAF advisory, an attacker can potentially trigger the issue by providing a malicious SSD project file that the end user opens. Schneider Electric states that version v2.8.2 FR contains a fix, and the advisory also recommends several file-handling and workstation-hardening mitigations.
- Vendor
- Schneider Electric
- Product
- EcoStruxure Power Build Rapsody
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-15
- Original CVE updated
- 2025-05-15
- Advisory published
- 2025-05-15
- Advisory updated
- 2025-05-15
Who should care
Organizations using EcoStruxure Power Build Rapsody, especially teams that open or exchange SSD project files on engineering workstations. OT/ICS defenders and endpoint administrators should prioritize this if the product is installed on systems that handle untrusted project files.
Technical summary
The advisory identifies a local-impact vulnerability in Schneider Electric EcoStruxure Power Build Rapsody: a stack-based buffer overflow (CWE-121). The provided CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, reflecting the need for user interaction and the possibility of limited confidentiality, integrity, and availability impact. The affected product scope listed in the CSAF is Schneider Electric EcoStruxure Power Build Rapsody <=v2.7.12_FR. Schneider Electric reports that v2.8.2 FR includes the fix.
Defensive priority
Medium. The score is 5.3 and exploitation requires a user to open a malicious project file, but the vendor fix is available and the vulnerable product is used in industrial engineering workflows where unsafe files can be operationally relevant.
Recommended defensive actions
- Upgrade EcoStruxure Power Build Rapsody to v2.8.2 FR or later, per Schneider Electric.
- Restrict SSD project files to secure storage and limit access to trusted users only.
- Only open project files received from trusted sources.
- Use secure communication protocols when exchanging files over the network.
- Encrypt project files at rest and verify file integrity with hashes before use.
- Harden the workstation running EcoStruxure Power Build Rapsody.
- Keep control and safety networks isolated behind firewalls and minimize exposure to the Internet.
- Apply Schneider Electric's linked security notification and industrial cybersecurity best practices before handling untrusted project files.
Evidence notes
All statements are based on the supplied CISA CSAF source item ICSA-25-135-20 and its referenced Schneider Electric security notice SEVD-2025-133-03. The source lists affected product coverage as Schneider Electric EcoStruxure Power Build Rapsody <=v2.7.12_FR, describes the flaw as a CWE-121 stack-based buffer overflow, and states that a malicious SSD project file opened by the user could potentially lead to arbitrary code execution. The advisory also lists v2.8.2 FR as the fixed version and provides file-handling and workstation-hardening mitigations.
Official resources
-
CVE-2025-3916 CVE record
CVE.org
-
CVE-2025-3916 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the CSAF advisory for CVE-2025-3916 / ICSA-25-135-20 on 2025-05-15T06:00:00.000Z. The supplied source data shows the advisory as initially published on that date, with no later modifications in the provided corpus.