VDB

CVE-2025-9997

CVE-2025-9997 PUBLISHED CVSS 5.800000190734863 MEDIUM

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.

EPSS 0.10% · 27.4th percentile

Risk Scores

CVSS 4.0
5.800000190734863
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.10%
27.4th percentile

Affected Products

VendorProductVersions
Schneider ElectricSaitel DP RTUall versions
Schneider ElectricSaitel DR RTUall versions

Timeline

  • Sep 9, 2025 CVE Published
  • Sep 10, 2025 EPSS Score
  • Sep 10, 2025 PoC Published
  • Sep 17, 2025 EPSS Score
  • Sep 18, 2025 PoC Published
  • Sep 25, 2025 EPSS Score
  • Oct 2, 2025 EPSS Score
  • Oct 9, 2025 EPSS Score
  • Oct 17, 2025 EPSS Score
  • Oct 24, 2025 EPSS Score
  • Oct 31, 2025 EPSS Score
  • Nov 7, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›