CVE-2025-48395: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Eaton NMC G2
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center.
AI Analysis
Technical Summary
CVE-2025-48395 is a medium-severity vulnerability classified under CWE-22, which pertains to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This issue affects Eaton's NMC G2 product, a network management controller used for power management and infrastructure control. The vulnerability allows an attacker who already has authenticated and privileged access to the device's CLI (Command Line Interface) limited shell to perform path traversal attacks. By exploiting this flaw, the attacker can modify the contents of non-sensitive files outside the intended restricted directory. Although the files affected are non-sensitive, unauthorized modification can still impact system integrity and availability. The vulnerability does not require user interaction but does require high-level privileges, indicating that the attacker must have already gained significant access to the system. The CVSS v3.1 base score is 4.7, reflecting a medium severity with network attack vector, low attack complexity, and no user interaction needed. Eaton has addressed this vulnerability in the latest version of NMC G2, which is available for download from their official center. No known exploits are currently reported in the wild, but the presence of this vulnerability in critical infrastructure management devices underscores the importance of timely patching.
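The class of check that CWE-22 is about, as an added example (not Eaton's code; the page does not describe how the NMC G2 CLI handles paths). It assumes a hypothetical restricted-shell command that takes a file path argument and must stay inside one directory, and every directory and file name in it is constructed for the demonstration.

```python
import os
import tempfile

def resolve_confined(base_dir, user_path):
    """Return the real path for user_path if it stays inside base_dir, else raise."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so we compare the real target.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath avoids the string-prefix bug where /x/cli_other "starts with" /x/cli.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes restricted directory: {user_path!r}")
    return target

def check_cases():
    """Run constructed inputs through the check inside a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "cli")           # the restricted directory
        sibling = os.path.join(root, "cli_other")  # outside it, with a similar name
        os.makedirs(os.path.join(base, "notes"))
        os.makedirs(sibling)
        os.symlink(sibling, os.path.join(base, "link"))  # link pointing outside
        cases = {
            "plain": "notes/a.txt",
            "inner_dotdot": "notes/../notes/a.txt",
            "dotdot": "../cli_other/a.txt",
            "absolute": os.path.join(sibling, "a.txt"),
            "symlink": "link/a.txt",
        }
        for name, path in cases.items():
            try:
                resolve_confined(base, path)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "rejected"
        # The flawed pattern for comparison: join the argument and use it as-is.
        naive = os.path.realpath(os.path.join(base, cases["dotdot"]))
        real_base = os.path.realpath(base)
        results["naive_join_escapes"] = os.path.commonpath([real_base, naive]) != real_base
    return results

if __name__ == "__main__":
    print(check_cases())
```

The check is only as good as what happens next: the caller should open the returned path rather than the original argument, since the filesystem can change between the check and the write.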
Potential Impact
For European organizations, the impact of CVE-2025-48395 can be significant, especially for those relying on Eaton NMC G2 devices to manage critical power infrastructure such as data centers, industrial facilities, and utilities. Although the vulnerability affects non-sensitive files, unauthorized modification can lead to system misconfigurations, degraded device performance, or denial of service conditions, potentially disrupting power management operations. This can affect operational continuity and may indirectly impact confidentiality and integrity if attackers leverage this foothold for further lateral movement or privilege escalation. Given the reliance on such devices in sectors like manufacturing, energy, and telecommunications across Europe, exploitation could lead to operational disruptions and financial losses. The requirement for authenticated privileged access limits the risk to insider threats or attackers who have already compromised administrative credentials, but it still represents a serious risk in environments where credential hygiene is weak or where attackers have gained initial access through other means.
Mitigation Recommendations
European organizations using Eaton NMC G2 should immediately verify their device versions and upgrade to the latest patched firmware available from Eaton's official download center. Beyond patching, organizations should enforce strict access controls and multi-factor authentication for administrative interfaces to reduce the risk of credential compromise. Network segmentation should be employed to isolate management interfaces from general network access, limiting exposure to potential attackers. Regular auditing of user accounts and privileges on NMC G2 devices is essential to detect and remove unnecessary privileged accounts. Implementing monitoring and alerting for unusual file modifications or CLI commands can help detect exploitation attempts early. Additionally, organizations should conduct periodic security assessments and penetration testing focused on management infrastructure to identify and remediate similar vulnerabilities proactively.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Eaton
- Date Reserved: 2025-05-20T04:07:25.100Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bae6eb9bc4cbad54150dc6
Added to database: 9/5/2025, 1:34:35 PM
Last enriched: 9/5/2025, 1:35:18 PM
Last updated: 9/5/2025, 1:35:18 PM