{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-48397", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2025-05-20T04:07:25.101Z", "datePublished": "2025-11-03T08:28:53.084Z", "dateUpdated": "2025-11-03T15:48:09.729Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eaton Brightlayer Software Suite (BLSS)", "vendor": "Eaton", "versions": [{"lessThanOrEqual": "7.3.x", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-11-03T07:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The privileged user could log in without sufficient credentials a</span>fter enabling an application protocol.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).</span>"}], "value": "The privileged user could log in without sufficient credentials after enabling an application protocol.\u00a0This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2025-11-03T15:48:09.729Z"}, "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1030.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-03T13:22:05.196407Z", "id": "CVE-2025-48397", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-03T13:29:19.980Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48397", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-03T13:22:05.196407Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-03T13:22:05.909Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "Eaton Brightlayer Software Suite (BLSS)", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.3.x"}], "defaultStatus": "unaffected"}], "datePublic": "2025-11-03T07:38:00.000Z", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1030.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The privileged user could log in without sufficient credentials after enabling an application protocol.\u00a0This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The privileged user could log in without sufficient credentials a</span>fter enabling an application protocol.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2025-11-03T15:48:09.729Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48397", "state": "PUBLISHED", "dateUpdated": "2025-11-03T15:48:09.729Z", "dateReserved": "2025-05-20T04:07:25.101Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2025-11-03T08:28:53.084Z", "assignerShortName": "Eaton"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The privileged user could log in without sufficient credentials after enabling an application protocol.\u00a0This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004)."}], "id": "CVE-2025-48397", "lastModified": "2025-11-03T16:15:35.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}, "published": "2025-11-03T09:15:46.057", "references": [{"source": "CybersecurityCOE@eaton.com", "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1030.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}

{}

{}