CVE-2025-48394 is a medium-severity vulnerability classified under CWE-22, which pertains to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This issue affects Eaton's G4 Power Distribution Unit (PDU) product. The vulnerability allows an attacker who already has authenticated and privileged access to the device's command-line interface (CLI) limited shell to traverse directories beyond the intended restricted scope. By exploiting this flaw, the attacker can modify the contents of non-sensitive files outside the designated directory boundaries. Although the files affected are non-sensitive, unauthorized modification can lead to integrity and availability concerns, such as disrupting device operation or configuration. The vulnerability does not require user interaction and has a CVSS v3.1 base score of 4.7, indicating a medium severity level. The attack vector is network-based, with low attack complexity, but requires high privileges, and does not impact confidentiality significantly but affects integrity and availability to a limited extent. Eaton has addressed this vulnerability in the latest firmware version available on their download center, although no direct patch links were provided in the source information. There are no known exploits in the wild at this time. The vulnerability was reserved in May 2025 and published in August 2025, indicating recent discovery and disclosure.

For European organizations using Eaton G4 PDUs, this vulnerability poses a moderate risk primarily to the integrity and availability of power distribution infrastructure. Since PDUs are critical for managing power supply in data centers, telecommunications, and industrial environments, unauthorized modification of files—even non-sensitive ones—could lead to misconfigurations, service interruptions, or denial of power management functions. This could affect uptime and operational continuity, especially in sectors reliant on high availability such as finance, healthcare, and critical infrastructure. The requirement for authenticated privileged access limits the risk to insiders or attackers who have already compromised credentials, but insider threats or lateral movement within networks could exploit this vulnerability. Given the network attack vector, remote exploitation within the organization's internal network is possible. The impact on confidentiality is minimal, but integrity and availability impacts could disrupt operations and require incident response efforts.

European organizations should prioritize updating Eaton G4 PDUs to the latest firmware version that addresses CVE-2025-48394, available from Eaton's official download center. Until patching is completed, organizations should enforce strict access controls to limit privileged CLI access to trusted administrators only, employing multi-factor authentication where possible. Network segmentation should be used to isolate PDUs from general user networks, reducing the risk of lateral movement by attackers. Monitoring and logging of CLI access and file modifications on the PDU should be enabled to detect suspicious activities promptly. Additionally, organizations should review and harden their privileged access management policies and consider implementing anomaly detection for unusual command-line behaviors. Regular audits of PDU configurations and file integrity checks can help identify unauthorized changes early. Finally, organizations should engage with Eaton support for any additional recommended mitigations or updates.