PatchSiren cyber security CVE debrief
CVE-2025-11566 Schneider Electric CVE debrief
CVE-2025-11566 is a HIGH-severity authentication weakness in Schneider Electric PowerChute Serial Shutdown. CISA’s advisory says a local-network attacker could make an arbitrary number of authentication attempts with different credentials against the /REST/shutdownnow endpoint and potentially gain access to the user account. Schneider Electric lists version v1.4 as the fixed release.
- Vendor: Schneider Electric
- Product: PowerChute™ Serial Shutdown
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-11
- Original CVE updated: 2025-11-11
- Advisory published: 2025-11-11
- Advisory updated: 2025-11-11
Who should care
Administrators and operators of PowerChute Serial Shutdown deployments, especially systems exposed to local network access paths on Windows or Linux. Industrial and UPS-management environments should prioritize this issue because it affects an authentication boundary on a management endpoint.
Technical summary
The advisory describes a CWE-307 issue: improper restriction of excessive authentication attempts. The affected service exposes the /REST/shutdownnow endpoint, and a local-network attacker can try unlimited credentials without effective throttling or lockout. The source indicates that PowerChute Serial Shutdown v1.4 includes a fix, with vendor download links provided for Windows and Linux.
Defensive priority
High. The issue is network-reachable from the local network, has no user interaction requirement, and is rated CVSS 7.3 (HIGH) in the source advisory. Systems that rely on PowerChute Serial Shutdown for shutdown or power-management operations should remediate promptly.
Recommended defensive actions
- Upgrade PowerChute Serial Shutdown to version v1.4 using the vendor-provided Windows or Linux download.
- Restrict local-network access to the management interface and /REST/shutdownnow endpoint using segmentation or allowlisting.
- Review authentication logs for repeated or high-volume login attempts against PowerChute Serial Shutdown endpoints.
- Follow CISA ICS defense-in-depth and recommended-practices guidance for securing industrial control and management interfaces.
- Validate that any deployed PowerChute Serial Shutdown installations match the vendor advisory and remediation guidance before returning systems to service.
Evidence notes
All factual claims here are drawn from the supplied CISA CSAF advisory for ICSA-25-322-04 / CVE-2025-11566 and its referenced Schneider Electric security notice. The source advisory is dated 2025-11-11 and states the flaw is a CWE-307 improper restriction of excessive authentication attempts against /REST/shutdownnow. The source corpus names Schneider Electric in the advisory title and vendor metadata; the prompt’s vendor field is low-confidence and marked for review, so this debrief uses the advisory naming while avoiding unsupported vendor assumptions.
Official resources
- CVE-2025-11566 CVE record (CVE.org)
- CVE-2025-11566 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF advisory ICSA-25-322-04 was originally released on 2025-11-11 (per source revision history). This debrief reflects the CVE publication date supplied in the corpus, not any later generation time.