Analysis Summary

CVE-2025-2442 CVSS:6.8

Schneider Electric Trio Q Licensed Data Radios could allow a physical attacker to gain unauthorized access, caused by initialization of a resource with an insecure default flaw.

CVE-2025-2441 CVSS:4.6

Schneider Electric Trio Q Licensed Data Radios could allow a physical attacker to obtain confidential data, caused by not correctly initialize all data when sets the radio in factory default mode.

CVE-2025-2440 CVSS:4.2

Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode.

CVE-2025-2223 CVSS:7.8

Schneider Electric ConneXium Network Manager could allow a local attacker to gain elevated privileges on the system, caused by improper input validation.

CVE-2025-2222 CVSS:7.8

Schneider Electric ConneXium Network Manager could allow a local attacker to gain elevated privileges on the system, caused by files or directories accessible to external parties over https.

Impact

• Gain Access
• Information Disclosure
• Security Bypass
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2025-2442

• CVE-2025-2441

• CVE-2025-2440

• CVE-2025-2223

• CVE-2025-2222

Affected Vendors

Affected Products

• Schneider Electric Trio Q Licensed Data Radio - 2.7
• Schneider Electric ConneXium Network Manager - 2.0.01

Remediation

Refer to Schneider Electric Website for patch, upgrade, or suggested workaround information.

CVE-2025-2442

CVE-2025-2441

CVE-2025-2440

CVE-2025-2223

CVE-2025-2222