CVE-2025-2002

MEDIUM

FTP Server <debug - Info Disclosure

Title source: llm

Description

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.

References (1)

[Various Sources] https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-01.pdf

Scores

CVSS v3 6.0

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (1)

Schneider Electric/EcoStruxure Panel Server v2.0 and prior

Published Mar 12, 2025

Tracked Since Feb 18, 2026