CVE-2025-52550
HIGHDescription
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.
Is your site exposed to CVE-2025-52550?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| copeland | e3_supervisory_controller_firmware |
| copeland | site_supervisor_bx_860-1240 |
| copeland | site_supervisor_bxe_860-1245 |
| copeland | site_supervisor_cx_860-1260 |
| copeland | site_supervisor_cxe_860-1265 |
| copeland | site_supervisor_rx_860-1220 |
| copeland | site_supervisor_rxe_860-1225 |
| copeland | site_supervisor_sf_860-1200 |
References
Other References
Frequently Asked Questions
What is CVE-2025-52550? +
How severe is CVE-2025-52550? +
What products are affected by CVE-2025-52550? +
How do I check if I'm vulnerable to CVE-2025-52550? +
Related Vulnerabilities
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX …
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed …
aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is …
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on …
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability …
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability …