CVE-2025-22492

{"id": "CVE-2025-22492", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.8}]}, "published": "2025-02-28T09:15:12.680", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf", "source": "CybersecurityCOE@eaton.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this\nstring can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS."}], "lastModified": "2025-02-28T09:15:12.680", "sourceIdentifier": "CybersecurityCOE@eaton.com"}