PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-6788 Schneider Electric CVE debrief

CVE-2025-6788 is a medium-severity access control issue in Schneider Electric EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module. According to CISA’s CSAF advisory, TGML diagram resources can be exposed to the wrong control sphere, which may allow other authenticated users to access diagrams they should not see. Schneider Electric provides hotfixes for the affected versions and also recommends removing TGML diagrams from multitenant managed or on-premises systems and reverting to Vista diagrams if remediation is deferred.

Vendor: Schneider Electric
Product: EcoStruxure™ Power Monitoring Expert (PME)
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-08
Original CVE updated: 2025-07-08
Advisory published: 2025-07-08
Advisory updated: 2025-07-08

Who should care

Organizations running affected Schneider Electric EcoStruxure PME (2023, 2023 R2, 2024, 2024 R2) or EPO Advanced Reporting and Dashboards Module (2022, 2024) with the Advanced Reporting Module, especially environments where multiple authenticated users or tenants can access TGML diagrams.

Technical summary

The advisory maps this issue to CWE-668: Exposure of Resource to Wrong Sphere. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates network reachability, low attack complexity, low privileges required, no user interaction, and unchanged scope, with a low confidentiality impact and no integrity or availability impact. The cited impact is inappropriate access to TGML diagram resources by other authenticated users rather than a direct integrity or availability impact. Remediation is available through Schneider Electric hotfixes: Hotfix_199767 for PME 2023 and 2023 R2, Hotfix_256448_Diagrams-Release.13.0.25182.01 for PME 2024, Hotfix_256448_Diagrams-Release.13.1.25182.01 for PME 2024 R2, Hotfix_199767 for EPO Advanced Reporting and Dashboards Module 2022, and Hotfix_256448_Diagrams-Release.13.0.25182.0 for EPO 2024.

Defensive priority

Medium priority for affected industrial environments; prioritize faster if TGML diagrams are used in multi-user or multitenant deployments.

Recommended defensive actions

  • Apply the vendor hotfix that matches your affected Schneider Electric product and version.
  • If you cannot patch immediately, remove TGML diagrams from multitenant managed systems or on-premises systems and revert to using Vista diagrams.
  • Review access control boundaries around TGML diagram resources and confirm only intended authenticated users can reach them.
  • Inventory all affected EcoStruxure PME and EPO deployments listed in the advisory and verify remediation status.
  • Use CISA and Schneider Electric advisory references to validate the exact product/version mapping before maintenance windows.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-203-03 and the referenced Schneider Electric security notice dated 2025-07-08. The source corpus identifies the vulnerability as CWE-668, describes exposure of TGML diagram resources to the wrong control sphere, and lists affected product versions plus vendor hotfixes and mitigation guidance. No KEV listing or ransomware-campaign association was provided in the supplied corpus.

Official resources

Publicly disclosed on 2025-07-08 in CISA advisory ICSA-25-203-03 and the associated Schneider Electric security notice.