PatchSiren cyber security CVE debrief
CVE-2025-11567 Schneider Electric CVE debrief
CVE-2025-11567 is a high-severity local privilege-risk issue in Schneider Electric PowerChute Serial Shutdown. According to the CISA CSAF advisory, the flaw is a CWE-276 incorrect default permissions problem that could allow elevated system access when the target installation folder is not properly secured. Schneider Electric states that version v1.4 includes a fix, and recommends applying the update and securing any custom installation folder with administrative permissions.
- Vendor
- Schneider Electric
- Product
- PowerChuteâ„¢ Serial Shutdown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-11-11
- Original CVE updated
- 2025-11-11
- Advisory published
- 2025-11-11
- Advisory updated
- 2025-11-11
Who should care
Administrators and operators running PowerChute Serial Shutdown, especially environments that use custom installation paths or manage the product on Windows or Linux systems.
Technical summary
The advisory describes an incorrect default permissions condition affecting PowerChute Serial Shutdown. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a locally exploitable issue requiring low privileges, with potentially complete impacts to confidentiality, integrity, and availability. The remediation guidance focuses on upgrading to version v1.4 and ensuring the installation folder, especially custom folders, is protected with appropriate administrative permissions.
Defensive priority
High. The CVSS 7.8 score and local low-privilege vector make this a meaningful hardening priority for hosts running the affected product, particularly where installation directory permissions may be weak or customized.
Recommended defensive actions
- Upgrade PowerChute Serial Shutdown to version v1.4 on affected Windows or Linux deployments.
- Review the installation folder permissions, especially for any custom install path, and ensure administrative permissions are applied.
- Verify that the product is installed only on hosts where local access is appropriately restricted.
- Use the linked Schneider Electric Security Handbook for the vendor's detailed mitigation steps.
- Track the CISA advisory and vendor notice for any follow-up guidance or clarifications.
Evidence notes
All statements are grounded in the supplied CISA CSAF advisory and Schneider Electric reference materials. The source describes the issue as CWE-276 incorrect default permissions and states that version v1.4 includes a fix. The supplied data also gives a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Vendor attribution in the prompt is marked low confidence and should be treated cautiously; the source advisory title names Schneider Electric PowerChute Serial Shutdown.
Official resources
-
CVE-2025-11567 CVE record
CVE.org
-
CVE-2025-11567 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by CISA and referenced by Schneider Electric on 2025-11-11 as ICSA-25-322-04 / SEVD-2025-315-01. No Known Exploited Vulnerabilities (KEV) entry was provided in the supplied source corpus.