Cyber Resilience

CVE-2025-1070

High

Published: 13 February 2025

Published
13 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 34.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1070 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Schneider Electric (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1070 is a CWE-434 unrestricted upload of file with dangerous type vulnerability that could render the affected device inoperable when a malicious file is downloaded. Published on 2025-02-13 with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), it impacts a Schneider Electric device, as detailed in their security notice.

An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required (UI:N). Successful exploitation allows high integrity (I:H) and availability (A:H) impact with no confidentiality impact, potentially rendering the device inoperable by uploading a malicious file that is subsequently downloaded.

The Schneider Electric security and safety notice SEVD-2025-042-01, available at the referenced URL, provides details on mitigation measures for this vulnerability.

EU & UK References

Vulnerability details

CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unrestricted file upload vulnerability (CWE-434) in a network-exposed Schneider Electric device interface directly enables remote exploitation of a public-facing application to upload malicious content, leading to integrity/availability impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56975Shared CWE-434
CVE-2019-25580Shared CWE-434
CVE-2026-27636Shared CWE-434
CVE-2026-4809Shared CWE-434
CVE-2020-37090Shared CWE-434
CVE-2026-24729Shared CWE-434
CVE-2026-28289Shared CWE-434
CVE-2026-1730Shared CWE-434
CVE-2023-50897Shared CWE-434
CVE-2025-70457Shared CWE-434

Affected Assets

Schneider Electric
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses unrestricted upload of dangerous file types by validating all information inputs at upload points to ensure only safe files are accepted.

prevent

Restricts classes of dangerous file types from being uploaded, preventing attackers from introducing malicious files even with low privileges.

prevent

Establishes processes to identify, report, and remediate the specific flaw enabling unrestricted file uploads, eliminating the vulnerability.

References