CVE-2025-22492

{"id": "CVE-2025-22492", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.8}]}, "published": "2025-02-28T09:15:12.680", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf", "source": "CybersecurityCOE@eaton.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this\nstring can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS."}, {"lang": "es", "value": "La cadena de conexi\u00f3n visible para los usuarios con acceso a la base de datos FRSCore en la m\u00e1quina virtual Foreseer Reporting Software (FRS) se puede utilizar para obtener acceso administrativo a la base de datos 4crXref. Esta vulnerabilidad se ha resuelto en la \u00faltima versi\u00f3n 1.5.100 de FRS."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "CybersecurityCOE@eaton.com"}