PatchSiren cyber security CVE debrief
CVE-2025-5296 Schneider Electric CVE debrief
Schneider Electric disclosed a high-severity SESU vulnerability, CVE-2025-5296, where improper link resolution before file access can let a low-privileged attacker tamper with the installation folder and write arbitrary data to protected locations. The vendor states this can lead to privilege escalation, arbitrary file corruption, exposure of application and system information, or persistent denial of service. The advisory identifies SESU versions prior to 3.0.12 as affected across multiple Schneider Electric products that use SESU, and provides version 3.0.12 as the fix.
- Vendor
- Schneider Electric
- Product
- SESU
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-08-12
- Advisory updated
- 2025-09-09
Who should care
Organizations running Schneider Electric SESU in industrial, automation, or energy environments should care, especially administrators who manage affected installations and any site where the SESU installation folder may be reachable by lower-privileged users or network-accessible services.
Technical summary
This is a CWE-59 link-following issue in SESU. If a low-privileged attacker can tamper with the installation folder, SESU may follow links in a way that allows writes to protected locations. The advisory links this to escalation of privilege, file corruption, disclosure of application or system information, and persistent denial of service. CISA’s CSAF entry lists CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H with a score of 7.3.
Defensive priority
High. The vulnerability is locally exploitable with low privileges, affects widely deployed Schneider Electric SESU-based products, and has an available vendor fix. Environments that cannot patch immediately should apply the vendor mitigation to restrict access to the SESU installation directory.
Recommended defensive actions
- Update SESU to version 3.0.12 using the vendor-provided installer.
- If SESU was previously installed, verify whether the automatic critical background update to 3.0.12 has already occurred.
- Restrict the SESU installation directory so it is not accessible from the network and is only available to trusted users.
- Review affected Schneider Electric systems that include SESU and prioritize patching in operational environments where local access boundaries are weak.
- Monitor for unexpected changes in the SESU installation folder or related protected locations until remediation is complete.
Evidence notes
The source corpus is the CISA CSAF advisory ICSA-25-266-03 for Schneider Electric SESU, published 2025-08-12 and modified 2025-09-09. The advisory explicitly describes CWE-59 link-following, lists SESU versions prior to 3.0.12 as affected, and states that version 3.0.12 fixes the issue. It also recommends keeping the installation directory inaccessible from the network and limited to trusted persons. Revision history shows 2.0.0 added SESU as a standalone known-affected and fixed entry.
Official resources
-
CVE-2025-5296 CVE record
CVE.org
-
CVE-2025-5296 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA and Schneider Electric on 2025-08-12; the advisory was revised on 2025-09-09.