CVE-2025-11566: CWE-307 Improper Restriction of Excessive Authentication Attempts in Schneider Electric PowerChute™ Serial Shutdown
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.
AI Analysis
Technical Summary
CVE-2025-11566 is a CWE-307 (Improper Restriction of Excessive Authentication Attempts) weakness in Schneider Electric's PowerChute™ Serial Shutdown; this page lists versions 1.3 and earlier as affected. The weakness is in the /REST/shutdownnow endpoint, which lets an authenticated user initiate a shutdown sequence. Because the endpoint applies no rate limiting, backoff, or account lockout, an attacker with network access to the management interface can submit an unbounded number of authentication attempts with different credentials. Brute force then succeeds whenever a valid account has a guessable password: the attacker's cost is bounded only by request throughput and password entropy, and no privileges or user interaction are required. Note the scoping tension in the source data: the vendor description places the attacker on the local network, while the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) scores the attack vector as Network with low complexity, no attack requirements, no privileges, no user interaction, and low impact to confidentiality, integrity, and availability. Defenders should treat any network path to the interface as exposure. No public exploit is known. A successful guess gives the attacker the account's access to the endpoint, so the realistic impact is an unplanned shutdown of hosts that rely on PowerChute™ for orderly power management. No patch link is recorded on this page; consult Schneider Electric's security notification for this CVE for the fixed version. Deployment in data centers and industrial control environments raises the significance, because those hosts are precisely the ones whose availability the product exists to protect.
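As an added illustration (this is not PowerChute code; the credential store, the account name "apc", the source address and the password list are all constructed for the example), the following Python contrasts an authentication check with no attempt limiting, which a wordlist walks through unimpeded, with one that counts failures per source and account and locks out after a handful of failures inside a window, refusing even the correct password until the lockout expires:

```python
"""
CWE-307 in miniature, as an added example (not PowerChute code): an
authentication check with no attempt limiting beside one that counts
failures per (source, account) and locks out. The credential store,
account name, source address and password list are constructed.
"""
import hashlib
import hmac
import time
from collections import defaultdict
from typing import Callable, Optional, Tuple

_SALT = b"example-salt-16b"      # fixed so the example is deterministic
_ITERATIONS = 10_000             # kept small so the example runs quickly


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


# Constructed store: one account with a weak password a wordlist will hit.
USERS = {"apc": _hash("Password1")}


def authenticate_unlimited(user: str, password: str) -> bool:
    """Vulnerable pattern: every attempt is evaluated no matter how many preceded it."""
    stored = USERS.get(user)
    if stored is None:
        _hash(password)  # hash anyway so unknown accounts take as long as known ones
        return False
    return hmac.compare_digest(stored, _hash(password))


class ThrottledAuthenticator:
    """Hardened pattern: after MAX_FAILURES failures from one (source, account)
    within WINDOW seconds, refuse attempts for LOCKOUT seconds, including
    attempts with the correct password. The clock is injectable for testing."""

    MAX_FAILURES = 5
    WINDOW = 60.0
    LOCKOUT = 300.0

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock
        self.failures = defaultdict(list)  # (source, user) -> timestamps of recent failures
        self.locked_until = {}             # (source, user) -> time the lockout ends

    def authenticate(self, source_ip: str, user: str, password: str) -> Tuple[bool, str]:
        now = self.clock()
        key = (source_ip, user)
        if self.locked_until.get(key, 0.0) > now:
            return False, "locked"
        recent = [t for t in self.failures[key] if now - t < self.WINDOW]
        if authenticate_unlimited(user, password):
            self.failures[key] = []
            return True, "ok"
        recent.append(now)
        if len(recent) >= self.MAX_FAILURES:
            self.locked_until[key] = now + self.LOCKOUT
            self.failures[key] = []
            return False, "locked"
        self.failures[key] = recent
        return False, "bad-credentials"


def brute_force(auth_fn: Callable[[str, str], bool], user: str, wordlist) -> Tuple[Optional[str], int]:
    """Walk the wordlist; return the password that worked (or None) and the attempts made."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if auth_fn(user, candidate):
            return candidate, attempts
    return None, attempts


WORDLIST = ["admin", "apc", "password", "123456", "letmein", "welcome", "Password1", "changeme"]

if __name__ == "__main__":
    print("unlimited:", brute_force(authenticate_unlimited, "apc", WORDLIST))
    throttled = ThrottledAuthenticator()
    print("throttled:", brute_force(lambda u, p: throttled.authenticate("192.0.2.10", u, p)[0], "apc", WORDLIST))
```

Against the unlimited check the wordlist finds the password on the seventh attempt; against the throttled check the fifth failure locks the pair out and the remaining candidates, including the correct one, are refused. Keying on (source, account) is a trade-off: per-account-only lockout lets an attacker deny service to legitimate administrators, while per-source-only lockout is evaded by spreading attempts across addresses, so production implementations usually combine both with a global rate limit. Whatever the key, the lockout must also reject the correct password, or the counter does nothing.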
Potential Impact
For European organizations operating critical infrastructure, data centers, or industrial environments, this vulnerability poses a risk of unauthorized shutdowns leading to operational disruption, potential data loss, and safety hazards. PowerChute™ Serial Shutdown is deployed to manage UPS systems and ensure graceful shutdowns during power events; an attacker who brute-forces an account can invoke that shutdown at will, causing downtime and impacting business continuity. Confidentiality and integrity impacts are limited but not negligible, since a compromised account can be used for further actions against the management interface. The medium CVSS score reflects a moderate threat level, but exploitation needs no privileges or user interaction, which raises urgency. Organizations in sectors such as energy, manufacturing, healthcare, and finance in Europe could face increased exposure, and disruption in critical infrastructure could have cascading effects on national security and public safety. Because the attack runs over the network against a management interface, internal network security posture and password strength on PowerChute accounts are the main determinants of risk.
Mitigation Recommendations
1. Apply the vendor fix as soon as it is available; until then, treat PowerChute™ Serial Shutdown hosts as exposed.
2. Segment the network: isolate PowerChute™ Serial Shutdown systems from general user networks and limit access to the management interface to trusted administrator hosts.
3. Monitor with network IDS/IPS for repeated authentication attempts against /REST/shutdownnow from a single source, and block that source.
4. Enforce strong, unique passwords for PowerChute accounts (brute force only succeeds against guessable ones) and use multi-factor authentication for management access where the product supports it.
5. Review logs regularly for repeated failed authentications and unusual access patterns; alert on bursts of failures from one source rather than on individual failures.
6. Restrict the REST API to known administrator addresses or reach it only through a VPN.
7. Brief administrators on the issue and encourage prompt incident reporting.
8. If patching is delayed, add compensating controls: place a reverse proxy or WAF with per-source rate limiting on failed authentications in front of the management interface. Disabling the endpoint itself removes the shutdown function the product exists to provide, so prefer access restriction over disabling.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: schneider
- Date Reserved: 2025-10-09T15:11:52.000Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691491c4e0dfecc865795593
Added to database: 11/12/2025, 1:55:16 PM
Last enriched: 11/19/2025, 2:31:15 PM
Last updated: 12/27/2025, 8:32:19 PM
Related Threats
- CVE-2025-14177: CWE-125 Out-of-bounds Read in PHP Group PHP (Medium)
- CVE-2025-14180: CWE-476 NULL Pointer Dereference in PHP Group PHP (High)
- CVE-2025-14178: CWE-787 Out-of-bounds Write in PHP Group PHP (Medium)
- CVE-2025-15109: Unrestricted Upload in jackq XCMS (Medium)
- CVE-2025-15108: Use of Hard-coded Cryptographic Key in PandaXGO PandaX (Medium)