PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-8449 Schneider Electric CVE debrief

CVE-2025-8449 is a Schneider Electric EcoStruxure Building Operation vulnerability that can let an authenticated user trigger denial of service by sending a specially crafted request to a specific endpoint inside the BMS network. CISA classifies the issue as CWE-400 (Uncontrolled Resource Consumption) and assigned CVSS 4.5 (medium). Schneider Electric and CISA published the advisory on 2025-08-12, with affected and fixed version details updated on 2025-09-09.

Vendor: Schneider Electric
Product: EcoStruxure™ Building Operation Enterprise Server
CVSS: 4.5 (MEDIUM)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2025-09-09
Advisory published: 2025-08-12
Advisory updated: 2025-09-09

Who should care

OT/BMS administrators, Schneider Electric EcoStruxure Building Operation operators, and security teams responsible for Enterprise Server, Enterprise Central, or Workstation deployments.

Technical summary

The advisory describes a resource-consumption issue in EcoStruxure Building Operation Enterprise Server that can lead to denial of service when an authenticated user submits a specially crafted request to a specific endpoint from within the building management system network. The supplied CVSS vector is AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H, indicating that the attacker must already be on an adjacent network, that attack complexity is high, that low privileges and user interaction are required, and that the only impact is to availability (confidentiality and integrity are unaffected). CISA’s source also lists fixed builds for Enterprise Server, Enterprise Central, and Workstation across supported branches.

Defensive priority

Medium priority. Apply the vendor fix on a normal patch timeline, but treat it as higher urgency if the affected BMS environment has broad internal access, limited segmentation, or operational dependence on the impacted service’s availability.

Recommended defensive actions

  • Upgrade to the fixed release that matches your product branch: 7.0.2.348, 6.0.4.10001 (CP8), or 5.0.3.17009 (CP16).
  • Follow the vendor installation instructions and accompanying readme from the EcoExpert Software Center.
  • If you cannot patch immediately, enforce strong access controls so only authorized personnel can reach the system; use multi-factor authentication for EcoStruxure Building Operation (EBO) version 7.0 or later.
  • Use firewalls and network segmentation to isolate the building management system from other networks.
  • Monitor system activity regularly for signs of abnormal requests or service degradation.
  • Follow Schneider Electric’s EBO hardening guidelines and CISA ICS recommended practices.
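The first action above is easier to verify at scale if the three fixed builds are encoded once and compared numerically against each host's reported version. The following script is an added example for this debrief, not a Schneider Electric or CISA tool: the fixed builds are the ones quoted in the list above, the inventory is constructed sample data, and it assumes (my assumption, not a statement from the advisory) that any build on a listed branch older than that branch's fixed build is affected, while a version on a branch the advisory does not name is reported as unknown so it can be checked by hand.

```python
"""Fixed-build check for CVE-2025-8449 (added example; fixed builds taken from the advisory text)."""
from typing import Optional, Tuple

# Fixed releases quoted in the advisory, keyed by the major.minor branch they belong to.
FIXED_BUILDS = {
    "7.0": "7.0.2.348",
    "6.0": "6.0.4.10001",  # CP8
    "5.0": "5.0.3.17009",  # CP16
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted build string into an integer tuple so it compares numerically ('10001' > '348')."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def assess(installed: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_build): status is 'patched', 'vulnerable' or 'unknown-branch'.

    Assumption (mine, not the advisory's): every build on a listed branch that is older
    than the branch's fixed build is treated as affected; other branches return 'unknown-branch'.
    """
    inst = parse_version(installed)
    branch = ".".join(str(p) for p in inst[:2])
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown-branch", None
    status = "patched" if inst >= parse_version(fixed) else "vulnerable"
    return status, fixed


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> EBO build reported by that host (not real data).
    inventory = {
        "bms-es-01": "7.0.1.120",
        "bms-es-02": "6.0.4.10001",
        "bms-ws-03": "5.0.2.15000",
        "lab-es-04": "4.0.3.9",
    }
    for host, ver in inventory.items():
        status, fixed = assess(ver)
        print(f"{host:10} {ver:14} {status:14} fixed={fixed}")
```

Comparing integer tuples rather than strings matters here: a plain string comparison would rank 6.0.4.9999 above 6.0.4.10001 and report an unpatched host as fixed. Feed the function whatever version strings your asset inventory or the Enterprise Server administration console reports, and treat every 'vulnerable' and 'unknown-branch' host as a candidate for the interim controls listed above until it is upgraded.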

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-254-08 and the Schneider Electric security notice SEVD-2025-224-04. The source description explicitly states a CWE-400 uncontrolled resource consumption issue that can cause denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network. The supplied remediation entries list fixed versions for the affected branches, and the advisory revision history shows a 2025-09-09 update to affected and fixed version details. No KEV entry or ransomware campaign use is present in the supplied corpus.

Official resources

Publicly disclosed on 2025-08-12 via CISA advisory ICSA-25-254-08 and Schneider Electric notice SEVD-2025-224-04. The advisory was revised on 2025-09-09 to update affected and fixed version details.