CVE-2025-1059

CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) CWE-770: Existe una vulnerabilidad de asignación de recursos sin límites ni limitación que podría provocar que las comunicaciones se detengan cuando se envían paquetes maliciosos al servidor web del dispositivo.

13 Feb 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-13 06:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-1059

Mitre link : CVE-2025-1059

CVE.ORG link : CVE-2025-1059

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-1059", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-13T06:15:21.680", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could\ncause communications to stop when malicious packets are sent to the webserver of the device."}, {"lang": "es", "value": "CWE-770: Existe una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n que podr\u00eda provocar que las comunicaciones se detengan cuando se env\u00edan paquetes maliciosos al servidor web del dispositivo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cybersecurity@se.com"}