PatchSiren cyber security CVE debrief
CVE-2025-11565 Schneider Electric CVE debrief
CVE-2025-11565 is a high-severity path traversal vulnerability in Schneider Electric PowerChute™ Serial Shutdown. According to the advisory, a Web Admin user on the local network can tamper with the POST /REST/UpdateJRE request payload and trigger elevated system access. Schneider Electric says version v1.4 includes a fix.
- Vendor
- Schneider Electric
- Product
- PowerChute™ Serial Shutdown
- CVSS
- HIGH 7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-11-11
- Original CVE updated
- 2025-11-11
- Advisory published
- 2025-11-11
- Advisory updated
- 2025-11-11
Who should care
Organizations running PowerChute™ Serial Shutdown, especially on Microsoft Windows, Red Hat Enterprise Linux, or SuSE Linux systems, should prioritize review if local Web Admin access is exposed to trusted users or shared administrative workflows.
Technical summary
The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The advisory describes a local-network attack scenario requiring low privileges and no user interaction, with potential high impact to confidentiality, integrity, and availability. The affected product is PowerChute™ Serial Shutdown, and the documented remediation is version v1.4 for both Windows and Linux deployments.
Defensive priority
High. The CVSS vector provided is AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, which indicates meaningful impact but with local access and authenticated privilege requirements. That makes it especially important for environments where administrative access is broader than intended.
Recommended defensive actions
- Upgrade PowerChute™ Serial Shutdown to version v1.4 or later on affected Windows and Linux systems.
- Review which users can access the Web Admin interface and restrict local-network administrative access to the smallest practical set.
- Audit POST /REST/UpdateJRE handling and related administrative workflows for unexpected request tampering or unauthorized access attempts.
- Validate that backup and recovery procedures are in place before applying the vendor fix.
- Monitor Schneider Electric and CISA advisory references for any follow-on guidance or additional affected versions.
Evidence notes
The source advisory is ICSA-25-322-04 / CVE-2025-11565, published 2025-11-11. The supplied CSAF metadata identifies the product as PowerChute™ Serial Shutdown and attributes the issue to Schneider Electric in the advisory title. Remediation entries state that version v1.4 fixes the vulnerability for both Windows and Linux. No Known Exploited Vulnerabilities (KEV) listing is provided in the supplied data.
Official resources
-
CVE-2025-11565 CVE record
CVE.org
-
CVE-2025-11565 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory released on 2025-11-11. The supplied records show the CVE published and modified on the same date, with no KEV entry indicated.