CVE-2025-48394: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Eaton G4 PDU
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center.
AI Analysis
Technical Summary
CVE-2025-48394 is a medium-severity vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal. It affects Eaton's G4 Power Distribution Unit (PDU). An attacker who already holds authenticated, privileged access to the device's limited command-line interface (CLI) shell can supply a pathname that escapes the directory the shell is meant to confine them to, and thereby modify the contents of non-sensitive files outside that boundary. Although the affected files are non-sensitive, unauthorized modification still raises integrity and availability concerns, such as disrupting device operation or configuration. No user interaction is required. The CVSS v3.1 base score is 4.7 (medium): the attack vector is network-based with low attack complexity, high privileges are required, confidentiality is not significantly impacted, and integrity and availability are affected to a limited extent. Eaton has addressed the issue in the latest firmware version available from its download center; the source information provides no direct patch links. There are no known exploits in the wild at this time. The CVE was reserved in May 2025 and published in August 2025, indicating recent discovery and disclosure.
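The defect class above (CWE-22) comes down to a confined shell accepting a user-supplied pathname without checking where it really ends up. The following Python block is an added, generic illustration of that check and is not Eaton's code nor a description of the G4 PDU firmware: `BASE_DIR`, the request records and both functions are constructed for this example. It contrasts a weak prefix-string check with a canonicalising check that resolves the path and verifies it stays under the base directory, and it returns a decision record per request so rejected attempts can be logged.

```python
import os

# Constructed example: the only directory the confined shell should let a user write under.
BASE_DIR = "/srv/limited-shell/files"


def weak_resolve(base, user_path):
    """Illustrative weak confinement: join and test the string prefix only.

    '..' components are never collapsed, so the prefix test passes even when the
    resulting path points outside the base directory. Returns the joined path or None.
    """
    candidate = base.rstrip("/") + "/" + user_path
    return candidate if candidate.startswith(base) else None


def confined_path(base, user_path):
    """Return the canonical absolute path if it stays inside base, else None.

    The user path is always treated as relative to base (a leading '/' is stripped),
    embedded NUL bytes are rejected, '..' segments and symlinks are resolved by
    realpath(), and the final check is a path-component comparison rather than a
    string prefix test, so '/srv/x' cannot be confused with '/srv/xy'.
    """
    if "\x00" in user_path:
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path.lstrip("/")))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def review_requests(base, requests):
    """Classify constructed CLI write requests; each record is (user, requested_path).

    Returns a list of dicts suitable for an audit log: the decision, the resolved
    target on success, and the raw input on rejection so monitoring can flag it.
    """
    decisions = []
    for user, requested in requests:
        target = confined_path(base, requested)
        decisions.append({
            "user": user,
            "requested": requested,
            "allowed": target is not None,
            "target": target,
        })
    return decisions


# Constructed sample requests: two legitimate, one that escapes the base directory.
SAMPLE_REQUESTS = [
    ("admin", "config/notes.txt"),
    ("admin", "reports/../config/notes.txt"),
    ("admin", "../outside.txt"),
]

if __name__ == "__main__":
    for d in review_requests(BASE_DIR, SAMPLE_REQUESTS):
        print(d)
```

The weak check accepts `../outside.txt` because the joined string still begins with the base directory; the canonicalising check rejects it and accepts the two in-scope paths, normalising the second one to the same target as the first.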
Potential Impact
For European organizations using Eaton G4 PDUs, this vulnerability poses a moderate risk primarily to the integrity and availability of power distribution infrastructure. Since PDUs are critical for managing power supply in data centers, telecommunications, and industrial environments, unauthorized modification of files—even non-sensitive ones—could lead to misconfigurations, service interruptions, or denial of power management functions. This could affect uptime and operational continuity, especially in sectors reliant on high availability such as finance, healthcare, and critical infrastructure. The requirement for authenticated privileged access limits the risk to insiders or attackers who have already compromised credentials, but insider threats or lateral movement within networks could exploit this vulnerability. Given the network attack vector, remote exploitation within the organization's internal network is possible. The impact on confidentiality is minimal, but integrity and availability impacts could disrupt operations and require incident response efforts.
Mitigation Recommendations
European organizations should prioritize updating Eaton G4 PDUs to the latest firmware version that addresses CVE-2025-48394, available from Eaton's official download center. Until patching is completed, organizations should enforce strict access controls to limit privileged CLI access to trusted administrators only, employing multi-factor authentication where possible. Network segmentation should be used to isolate PDUs from general user networks, reducing the risk of lateral movement by attackers. Monitoring and logging of CLI access and file modifications on the PDU should be enabled to detect suspicious activities promptly. Additionally, organizations should review and harden their privileged access management policies and consider implementing anomaly detection for unusual command-line behaviors. Regular audits of PDU configurations and file integrity checks can help identify unauthorized changes early. Finally, organizations should engage with Eaton support for any additional recommended mitigations or updates.
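The file integrity checks recommended above can be implemented as a hashed baseline of the device's exported file tree that is re-taken and compared on a schedule. The Python block below is an added example and is not Eaton's tooling; the directory layout, file names and contents in `demo()` are constructed in a temporary directory purely so the block runs offline. It builds a SHA-256 manifest of every regular file under a root, then reports added, removed and modified paths between two manifests.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file's root-relative POSIX path to its SHA-256 digest.

    Symlinks are skipped so a link pointing outside the tree is never hashed as content.
    """
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline, current):
    """Return sorted lists of paths that were added, removed or changed since baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo():
    """Constructed scenario: take a baseline, then alter the tree and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config").mkdir()
        (root / "config" / "settings.cfg").write_text("outlet_delay=5\n")   # constructed
        (root / "banner.txt").write_text("device login banner\n")            # constructed
        baseline = build_manifest(root)

        # Simulated unauthorized changes after the baseline was taken.
        (root / "config" / "settings.cfg").write_text("outlet_delay=0\n")
        (root / "extra.bin").write_bytes(b"\x00\x01")
        (root / "banner.txt").unlink()

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is stored off the device (or signed) and the comparison is run from the monitoring host, so that an attacker who can modify files on the PDU cannot also rewrite the record they are compared against.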
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Eaton
- Date Reserved: 2025-05-20T04:07:25.100Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68937922ad5a09ad00f257af
Added to database: 8/6/2025, 3:47:46 PM
Last enriched: 8/6/2025, 4:02:46 PM
Last updated: 8/18/2025, 1:22:21 AM
Related Threats
- CVE-2025-9105: Cross Site Scripting in Portabilis i-Diario (Medium)
- CVE-2025-9104: Cross Site Scripting in Portabilis i-Diario (Medium)
- CVE-2025-9102: Improper Export of Android Application Components in 1&1 Mail & Media mail.com App (Medium)
- CVE-2025-9101: Cross Site Scripting in zhenfeng13 My-Blog (Medium)
- CVE-2025-9100: Authentication Bypass by Capture-replay in zhenfeng13 My-Blog (Medium)