CVE-2025-13845: Use After Free
Published Jan 15, 2026
·Updated
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
Affected Software
7 affected components
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.1.0300
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.2.0000
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.3.0100
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.4.0300
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.5.0200
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.7.0100
Schneider-electric Ecostruxure Power Build - Rapsody<=2.8.8.0100
Event History
Jan 15, 2026
CVE Published
via MITRE·06:33 PM
Data Sourced
via MITRE·06:33 PM
DescriptionWeakness
Data Sourced
via NVD·07:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-13845?
CVE-2025-13845 is considered a critical vulnerability due to the potential for remote code execution.
2
How do I fix CVE-2025-13845?
To mitigate CVE-2025-13845, update to versions of Schneider Electric Ecostruxure Power Build - Rapsody that are later than 2.8.8.0100.
3
What causes the vulnerability CVE-2025-13845?
CVE-2025-13845 is caused by a use after free condition when importing malicious project files into Rapsody.
4
What are the potential impacts of CVE-2025-13845?
The potential impact of CVE-2025-13845 includes unauthorized remote code execution on affected systems.
5
Is CVE-2025-13845 present in earlier versions of Ecostruxure Power Build - Rapsody?
Yes, CVE-2025-13845 affects versions up to and including 2.8.8.0100 of Ecostruxure Power Build - Rapsody.