CVE-2025-11565: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Schneider Electric PowerChute™ Serial Shutdown
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.
AI Analysis
Technical Summary
CVE-2025-11565 is a path traversal vulnerability (CWE-22) in Schneider Electric's PowerChute™ Serial Shutdown software, affecting versions 1.3 and earlier according to this entry. The flaw sits in the POST /REST/UpdateJRE API endpoint, which accepts a Java runtime update from an authenticated Web Admin user: pathname input carried in the request payload is not properly validated or confined to the intended directory, so a Web Admin user on the local network can tamper with the payload to reach files outside that directory and read or modify them. The advisory describes the outcome as elevated system access, that is, rights beyond the web-administration role on the host running PowerChute. The CVSS 4.0 base score is 7.3 (high); the metrics reported here are AV:L (local), AC:H (high attack complexity), PR:L (low privileges) and UI:N (no user interaction), with high confidentiality, integrity and availability impact (CVSS 4.0 has no scope metric). Exploitation presupposes valid Web Admin credentials, so the realistic threat actors are insiders or attackers who have already compromised an administrator account. No patches or public exploits were listed at the time of this entry, but the risk remains significant given PowerChute's role in orchestrating graceful shutdowns of servers and storage on UPS events: tampering with it could trigger unexpected shutdowns, prevent protective shutdowns during an outage, or provide a foothold on a host that sits inside the management network. The flaw is particularly concerning in industrial, data center, and critical infrastructure environments where PowerChute is deployed.
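To make the CWE-22 pattern concrete, the following is an added Python example, not PowerChute's own code (its file layout and request format are not public): a hypothetical JRE update handler that joins a client-supplied file name onto a restricted directory, next to the hardened form that canonicalises the result and proves it still lies inside the root. The directory /opt/powerchute/jre and the JSON field fileName are assumptions for the demo.

```python
import json
import posixpath

# Hypothetical restricted directory and payload field; PowerChute's real file
# layout and request format are not public and are assumed here for the demo.
JRE_ROOT = "/opt/powerchute/jre"
FIELD = "fileName"


class PathTraversal(Exception):
    """Raised when a client-supplied name would land outside the root."""


def vulnerable_target_path(payload: str, root: str = JRE_ROOT) -> str:
    """CWE-22 pattern: the client-chosen name is joined onto the restricted
    directory with no containment check, so '..' segments walk out of it and
    an absolute name makes posixpath.join() discard the root entirely."""
    name = json.loads(payload)[FIELD]
    return posixpath.normpath(posixpath.join(root, name))


def safe_target_path(payload: str, root: str = JRE_ROOT) -> str:
    """Hardened form: reject dangerous characters, canonicalise, then prove the
    result still lies strictly inside root before using it."""
    name = json.loads(payload).get(FIELD)
    if not isinstance(name, str) or not name:
        raise PathTraversal("fileName missing or not a string")
    if "\x00" in name or "\\" in name:
        # NUL truncates paths in C-level APIs; backslash is a separator on Windows.
        raise PathTraversal("forbidden character in fileName")
    if posixpath.isabs(name):
        raise PathTraversal("absolute path rejected")
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, name))
    # The separator must be part of the prefix test, otherwise a sibling
    # directory such as /opt/powerchute/jre2 would pass; requiring the prefix
    # also rejects '.' (the root itself), which is not a file.
    if not candidate.startswith(root + "/"):
        raise PathTraversal(f"{name!r} resolves to {candidate}, outside {root}")
    # On a live host, additionally compare os.path.realpath() of root and
    # candidate so a symlink planted inside root cannot point back out.
    return candidate


def is_contained(payload: str, root: str = JRE_ROOT) -> bool:
    """True when the hardened check would accept the payload."""
    try:
        safe_target_path(payload, root)
    except PathTraversal:
        return False
    return True


# Constructed request bodies for the demo, not captured traffic.
SAMPLES = [
    '{"fileName": "jre-17.0.9.zip"}',
    '{"fileName": "../../../etc/cron.d/pcss"}',
    '{"fileName": "/etc/passwd"}',
    '{"fileName": "lib/../../jre2/x"}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(f"{body:<42} vulnerable: {vulnerable_target_path(body)}")
        print(f"{'':<42} contained:  {is_contained(body)}")
```

Running the block shows the vulnerable join turning the second sample into /etc/cron.d/pcss and the third into /etc/passwd, while the hardened check accepts only the first. The fourth sample is the case a naive prefix test without the trailing separator would miss.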
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in sectors that rely heavily on Schneider Electric's power management solutions, such as manufacturing, energy, telecommunications, and data centers. Exploitation could give an attacker control over the host that orchestrates shutdowns, potentially causing improper shutdowns, data loss, or operational disruption, which affects business continuity and, in critical infrastructure, safety. Because the flaw requires an authenticated Web Admin on the local network, the realistic scenario is an insider, or an attacker who has already gained a network foothold and administrator credentials, using it to escalate to the operating system and move laterally. The impact on confidentiality, integrity, and availability is high, with potential cascading effects on the systems PowerChute protects. European organizations must also consider the regulatory implications of such a compromise, including GDPR obligations if personal data is affected indirectly through system disruption or host compromise.
Mitigation Recommendations
1. Restrict network access to the PowerChute management interface to trusted administrators on a dedicated management VLAN; the endpoint is only reachable by an authenticated Web Admin, so the fewer hosts and accounts that can reach it, the smaller the exposure.
2. Segment PowerChute hosts from general user networks with firewall rules, and treat the host as part of the management zone rather than the server estate it shuts down.
3. Log POST /REST/UpdateJRE requests, ideally with bodies at a reverse proxy, and alert on payloads containing traversal sequences (".." segments, absolute paths, backslashes) after percent-decoding; this endpoint should be used rarely, so any call outside a planned maintenance window is worth a look.
4. Where a WAF or application-layer filter fronts the interface, make sure it decodes percent-encoding (including double encoding) and inspects JSON bodies, otherwise encoded traversal sequences pass straight through.
5. Track Schneider Electric's advisory for this CVE and apply the fixed version as soon as it is released.
6. Include power management systems in regular security assessments and penetration tests, so similar post-authentication flaws are found before an attacker does.
7. Minimise the number of Web Admin accounts, use unique strong credentials for each, and review them periodically; every such account is a potential entry point for this flaw.
8. Maintain offline backups and an incident response plan that covers loss or compromise of the shutdown orchestration host.
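Items 3 and 4 above describe detection logic; this added Python example (not part of the original page or of any Schneider tooling) implements it over constructed request records in the shape a reverse proxy or WAF with body logging might emit. It percent-decodes each string value until it stops changing, so single and double encoding are both caught, normalises backslashes, and flags ".." segments, absolute paths, NUL bytes and malformed JSON. The field name fileName and all addresses, users and timestamps are made up for the demo.

```python
import json
import re
import urllib.parse
from typing import Iterator, List, Optional, Tuple

# Constructed request records in the shape a reverse proxy or WAF with body
# logging might emit; they are illustrative, not captured PowerChute traffic,
# and the JSON field name is an assumption.
REQUESTS = [
    {"ts": "2025-11-12T13:01:02Z", "src": "10.20.0.15", "user": "pcadmin",
     "method": "POST", "path": "/REST/UpdateJRE",
     "body": '{"fileName": "jre-17.0.9.zip"}'},
    {"ts": "2025-11-12T13:05:41Z", "src": "10.20.0.77", "user": "pcadmin",
     "method": "POST", "path": "/REST/UpdateJRE",
     "body": '{"fileName": "..%2F..%2F..%2Fetc%2Fcron.d%2Fpcss"}'},
    {"ts": "2025-11-12T13:06:10Z", "src": "10.20.0.77", "user": "pcadmin",
     "method": "POST", "path": "/REST/UpdateJRE",
     "body": '{"fileName": "%252e%252e%255c%252e%252e%255cwindows%255ctemp%255cx.exe"}'},
    {"ts": "2025-11-12T13:06:55Z", "src": "10.20.0.77", "user": "pcadmin",
     "method": "POST", "path": "/REST/UpdateJRE",
     "body": '{"fileName": "/etc/passwd"}'},
    {"ts": "2025-11-12T13:07:20Z", "src": "10.20.0.77", "user": "pcadmin",
     "method": "POST", "path": "/REST/UpdateJRE",
     "body": '{"fileName": "x'},
    {"ts": "2025-11-12T13:08:00Z", "src": "10.20.0.15", "user": "pcadmin",
     "method": "GET", "path": "/REST/status", "body": ""},
]

SEGMENT_UP = re.compile(r"(^|/)\.\.(/|$)")   # a '..' path segment
ABSOLUTE = re.compile(r"^(/|[A-Za-z]:/)")     # POSIX or drive-letter absolute path


def decode_rounds(value: str, limit: int = 5) -> Tuple[str, int]:
    """Percent-decode until the string stops changing and report how many
    rounds it took, which distinguishes plain from double encoding."""
    rounds = 0
    while rounds < limit:
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def iter_strings(node) -> Iterator[str]:
    """Yield every string value in a parsed JSON document, at any depth."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for child in node.values():
            yield from iter_strings(child)
    elif isinstance(node, list):
        for child in node:
            yield from iter_strings(child)


def indicators_for(value: str) -> List[str]:
    """Traversal indicators for one string value, after decoding and
    normalising backslashes to forward slashes."""
    decoded, rounds = decode_rounds(value)
    norm = decoded.replace("\\", "/")
    found = []
    if SEGMENT_UP.search(norm):
        found.append("dot-dot-segment")
    if ABSOLUTE.match(norm):
        found.append("absolute-path")
    if "\x00" in decoded:
        found.append("nul-byte")
    # Encoding only matters once a traversal pattern is present.
    if found and rounds >= 2:
        found.append("double-url-encoded")
    elif found and rounds == 1:
        found.append("url-encoded")
    if found and "\\" in decoded:
        found.append("backslash-separator")
    return found


def analyse(request: dict) -> Optional[dict]:
    """Return a finding for a suspicious UpdateJRE call, else None."""
    if request["method"] != "POST" or request["path"] != "/REST/UpdateJRE":
        return None
    try:
        doc = json.loads(request["body"])
    except json.JSONDecodeError:
        indicators = ["malformed-json"]
    else:
        indicators = []
        for value in iter_strings(doc):
            for ind in indicators_for(value):
                if ind not in indicators:
                    indicators.append(ind)
    if not indicators:
        return None
    return {"ts": request["ts"], "src": request["src"],
            "user": request["user"], "indicators": indicators}


def scan(requests: List[dict]) -> List[dict]:
    """Apply analyse() to every record and keep the findings."""
    return [f for f in map(analyse, requests) if f is not None]


if __name__ == "__main__":
    for finding in scan(REQUESTS):
        print(f"{finding['ts']} {finding['src']:<12} {finding['user']:<8} "
              + ", ".join(finding["indicators"]))
```

Of the six constructed records, the benign update and the GET produce no finding; the other four are reported with their indicators. In production, feed the same analyse() function from the proxy's log stream and route findings to the SIEM, and keep the decoded value in the alert so an analyst does not have to undo the encoding by hand.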
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Spain, Poland, Sweden, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: schneider
- Date Reserved: 2025-10-09T15:10:36.405Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69148b1edc194680d69bd95b
Added to database: 11/12/2025, 1:26:54 PM
Last enriched: 11/19/2025, 2:30:59 PM
Last updated: 12/27/2025, 8:32:01 PM
Views: 93
Related Threats
- CVE-2025-14177: CWE-125 Out-of-bounds Read in PHP Group PHP (Medium)
- CVE-2025-14180: CWE-476 NULL Pointer Dereference in PHP Group PHP (High)
- CVE-2025-14178: CWE-787 Out-of-bounds Write in PHP Group PHP (Medium)
- CVE-2025-15109: Unrestricted Upload in jackq XCMS (Medium)
- CVE-2025-15108: Use of Hard-coded Cryptographic Key in PandaXGO PandaX (Medium)