Use-After-Free in Rapsody SSD Import RCE
CVE-2025-13845 Published on January 15, 2026
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2025-13845 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2025-13845
Want to know whenever a new CVE is published for Schneider Electric Ecostruxure Power Build Rapsody? stack.watch will email you.
Affected Versions
Schneider Electric EcoStruxure Power Build Rapsody:- Version FR v2.8.1.0300 and prior is affected.
- Version ESP v2.8.5.0200 and prior is affected.
- Version PT v2.8.7.0100 and prior is affected.
- Version BEL (FR) v2.8.8.0100 and prior is affected.
- Version BEL (EN) v2.8.3.0100 and prior is affected.
- Version INT (EN) v2.8.4.0300 and prior is affected.
- Version NL v2.8.2.0000 and prior is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.