CVE-2025-22492— Insecure storage of connection strings in FRS

CVSS 6.3 · Medium EPSS 0.03% · P9 Updated Feb 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-22492

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Insecure storage of connection strings in FRS

Source: NVD (National Vulnerability Database)

Vulnerability Description

The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感信息的不安全存储

Source: NVD (National Vulnerability Database)

Vulnerability Title

Eaton Foreseer Reporting Software 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Eaton Foreseer Reporting Software是美国伊顿（Eaton）公司的一款用于电力监控系统（EPMS）的报告生成工具，能够实时采集电力数据并生成分析报告，帮助企业优化能源管理和设备性能。 Eaton Foreseer Reporting Software存在安全漏洞，该漏洞源于FRSCore数据库连接字符串可见，可能导致管理员权限获取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Eaton	Foreseer Reporting Software (FRS)	0 ~ 1.5.100	-

II. Public POCs for CVE-2025-22492

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-22492

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-22492

IV. Related Vulnerabilities

Same product: Foreseer Reporting Software (FRS)

Same vendor: Eaton

Same weakness: CWE-922

V. Comments for CVE-2025-22492

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-22492— Insecure storage of connection strings in FRS

I. Basic Information for CVE-2025-22492

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-22492

III. Intelligence Information for CVE-2025-22492

IV. Related Vulnerabilities

V. Comments for CVE-2025-22492

Leave a comment