CVE-2025-48393

Medium CVSS: 5.7

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton download center.

Vendor

Product

CWE

CWE-295

Yayın Tarihi

2025-08-06 16:15:29

Güncelleme

2026-02-09 06:16:23

Source Identifier

CybersecurityCOE@eaton.com

KEV Date Added

Kategoriler

CWE-295 MEDIUM 2025

Referanslar

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf