CVE-2025-2875

Published May 14, 2025

Last updated a month ago

CVSS high 8.7

Overview

Description
CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources.
Source
cybersecurity@se.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

cybersecurity@se.com
CWE-610

Social media

Hype score
Not currently trending

  1. CVE-2025-2875 (CVSS:8.7, HIGH) is Awaiting Analysis. CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of..https://t.co/Q9pBfeXI36 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    19 May 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-2875 CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacke… https://t.co/DDUbtKJDuz

    @CVEnew

    14 May 2025

    206 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-2875: HIGH] Beware of CWE-610 vulnerability that could expose confidential data if attackers manipulate web server URLs to access resources. #CyberSecurity#cve,CVE-2025-2875,#cybersecurity https://t.co/yFmR35ASU8 https://t.co/mIJUz6QIBL

    @CveFindCom

    14 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Vulnerabilidad en los productos de Schneider Electric ❗CVE-2025-2875 ➡️Más info: https://t.co/vcD6BszbcI https://t.co/sJoeEb2ANF

    @CERTpy

    13 May 2025

    126 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.