CVE-2025-13845
Published: 15 January 2026
Summary
CVE-2025-13845 is a high-severity Use After Free (CWE-416) vulnerability in Schneider-Electric Ecostruxure Power Build - Rapsody. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability is ranked at the 22.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-13845 is a CWE-416 Use After Free vulnerability affecting Rapsody software. The flaw is triggered when an end user imports a malicious project file in SSD format, potentially leading to remote code execution. Published on 2026-01-15 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), it lies in the SSD file parsing logic of Rapsody.
An attacker can exploit this vulnerability by crafting a malicious SSD project file and tricking a user into importing it into Rapsody on their local system. No privileges are required (PR:N), but user interaction is necessary (UI:R), for example social engineering that convinces the victim to open the file. Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), enabling remote code execution on the affected machine.
Mitigation details are outlined in the Schneider Electric security advisory SEVD-2026-013-04, available at the referenced PDF URL. Security practitioners should consult this document for patch information, workarounds, and affected versions of Rapsody.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2706
Vulnerability details
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
A use-after-free in a local file parser enables client-side code execution when the user opens a crafted SSD file (User Execution: Malicious File, T1204.002); this directly matches Exploitation for Client Execution (T1203).
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through patching the Use After Free vulnerability in Rapsody's SSD file parsing directly prevents remote code execution as outlined in the Schneider Electric advisory.
Memory protection mechanisms such as ASLR, DEP, and stack canaries mitigate exploitation of the CWE-416 Use After Free vulnerability, making it harder to turn the flaw into arbitrary code execution.
Validating the structure and integrity of imported SSD project files prevents malformed inputs from triggering the Use After Free condition during parsing.