CVE-2025-1060
Published: 13 February 2025
Description
A CWE-319 (Cleartext Transmission of Sensitive Information) vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.
Security Summary
CVE-2025-1060 is a CWE-319 Cleartext Transmission of Sensitive Information vulnerability that could result in the exposure of data when network traffic is sniffed by an attacker. It affects certain Schneider Electric products, as outlined in their security notice SEVD-2025-042-01. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.
An attacker who can monitor or sniff network traffic (for example, through man-in-the-middle interception on shared networks or compromised infrastructure) can exploit this issue. Successful exploitation lets the attacker capture sensitive information transmitted in cleartext. The confidentiality impact is high; integrity and availability are not affected.
For mitigation details, refer to the official Schneider Electric advisory at https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf, which was published alongside the CVE on 2025-02-13.
Details
- CWE(s)