VDB
CVE-2025-9997
CVE-2025-9997
PUBLISHED
CVSS 5.800000190734863 MEDIUM
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.
EPSS 0.10% · 27.4th percentile
Risk Scores
CVSS 4.0
5.800000190734863
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.10%
27.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Saitel DP RTU | all versions |
| Schneider Electric | Saitel DR RTU | all versions |
Timeline
- Sep 9, 2025 CVE Published
- Sep 10, 2025 EPSS Score
- Sep 10, 2025 PoC Published
- Sep 17, 2025 EPSS Score
- Sep 18, 2025 PoC Published
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
- Oct 9, 2025 EPSS Score
- Oct 17, 2025 EPSS Score
- Oct 24, 2025 EPSS Score
- Oct 31, 2025 EPSS Score
- Nov 7, 2025 EPSS Score