Cyber Resilience

CVE-2025-48396

High

Published: 03 November 2025

Published
03 November 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS Score 0.0010 26.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-48396 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Eaton BLSS (inferred from references). Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-48396 is an arbitrary code execution vulnerability stemming from improper validation of the file upload functionality in Eaton BLSS. This affects Eaton BLSS versions prior to the patched release 7.3.0.SCP004. The issue, published on 2025-11-03, is rated with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

An attacker with low privileges can exploit this vulnerability over the network with low complexity and without requiring user interaction. Successful exploitation enables arbitrary code execution on the affected system, resulting in high integrity and availability impacts alongside low confidentiality impact.

Eaton's security bulletin (ETN-VA-2025-1021) confirms the issue has been addressed in Eaton BLSS version 7.3.0.SCP004, recommending that users apply the latest script patch to mitigate the vulnerability.

EU & UK References

Vulnerability details

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary code execution via unrestricted file upload in a network-accessible application (AV:N/PR:L) directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56975Shared CWE-434
CVE-2019-25580Shared CWE-434
CVE-2026-27636Shared CWE-434
CVE-2026-4809Shared CWE-434
CVE-2020-37090Shared CWE-434
CVE-2026-24729Shared CWE-434
CVE-2026-28289Shared CWE-434
CVE-2026-1730Shared CWE-434
CVE-2023-50897Shared CWE-434
CVE-2025-70457Shared CWE-434

Affected Assets

Eaton
BLSS
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses improper validation of file uploads by requiring organization-defined input validation mechanisms at system interfaces to prevent unrestricted upload of dangerous file types.

prevent

Mitigates the vulnerability by mandating timely identification, reporting, and correction of flaws, including application of the vendor patch in Eaton BLSS version 7.3.0.SCP004.

preventdetect

Provides defense-in-depth by scanning uploaded files for malicious code at network entry points or endpoints to prevent arbitrary code execution even if validation fails.

References