CVE-2025-13845 is a Use After Free vulnerability classified under CWE-416 found in Schneider Electric's EcoStruxure Power Build Rapsody software. This vulnerability arises when the software improperly manages memory during the import of SSD project files, leading to a condition where freed memory is accessed again. An attacker can craft a malicious SSD file that, when imported by an unsuspecting user, triggers this Use After Free condition, potentially allowing remote code execution within the context of the user running the software. The affected versions include multiple localized builds (French, Spanish, Portuguese, Belgian French and English, International English, and Dutch) up to versions 2.8.x prior to the specified patch levels. The vulnerability does not require authentication but does require user interaction to import the malicious file. The CVSS 4.0 vector indicates low attack complexity and no privileges required, but user interaction is necessary. The impact on confidentiality, integrity, and availability is high, as arbitrary code execution could lead to full system compromise or disruption of critical power management operations. No public exploits have been reported yet, but the vulnerability is published and should be considered a significant threat. The lack of patch links suggests that remediation may still be pending or in progress. Given Schneider Electric’s widespread use in industrial and critical infrastructure sectors, this vulnerability poses a serious risk to operational technology environments.

For European organizations, especially those in industrial, energy, and critical infrastructure sectors, this vulnerability could lead to severe operational disruptions. Successful exploitation allows attackers to execute arbitrary code remotely, potentially leading to system takeover, data theft, sabotage, or disruption of power management processes. This could impact the availability and reliability of power systems, causing cascading effects on manufacturing, utilities, and essential services. Confidentiality breaches could expose sensitive operational data. Given the localized versions affected, organizations in countries like France, Belgium, Spain, Portugal, and the Netherlands are particularly vulnerable. The high severity and ease of exploitation with user interaction increase the risk of targeted attacks or supply chain compromises. The absence of known exploits currently provides a window for proactive defense, but the critical nature of the software in managing power infrastructure elevates the threat level significantly.

1. Immediately restrict the import of SSD project files from untrusted or external sources to prevent malicious file introduction. 2. Implement strict file integrity and origin verification for all project files before import. 3. Monitor and audit user activities related to project file imports to detect suspicious behavior. 4. Apply vendor patches as soon as they become available; maintain close communication with Schneider Electric for updates. 5. Employ network segmentation to isolate systems running EcoStruxure Power Build Rapsody from less secure network zones. 6. Educate users on the risks of importing files from unknown sources and enforce least privilege principles to limit software execution rights. 7. Use endpoint detection and response (EDR) tools to identify anomalous process behavior indicative of exploitation attempts. 8. Conduct regular vulnerability assessments and penetration testing focusing on industrial control systems to identify similar risks.