CVE-2025-11567: CWE-276 Incorrect Default Permissions in Schneider Electric PowerChute Serial Shutdown
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
AI Analysis
Technical Summary
CVE-2025-11567 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting Schneider Electric's PowerChute Serial Shutdown software, specifically versions 1.3 and earlier. The root cause is improper default permissions set on the installation folder, which can allow users with limited privileges to escalate their access rights on the affected system. This vulnerability does not require user interaction but does require the attacker to have some level of local access (low attack vector). The CVSS 4.0 base score is 7.3, indicating a high severity due to the potential for significant impact on confidentiality, integrity, and availability of the system. The vulnerability could allow unauthorized modification or execution of files within the installation directory, potentially leading to privilege escalation and control over the system. No public exploits have been reported yet, but the presence of incorrect permissions is a common and easily exploitable weakness if local access is obtained. The vulnerability is particularly concerning in environments where PowerChute Serial Shutdown is used to manage power and shutdown sequences for critical infrastructure, increasing the risk of disruption or sabotage. The lack of a patch link suggests that remediation may currently rely on manual permission corrections or awaiting vendor updates.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in sectors relying on uninterrupted power management such as data centers, manufacturing, healthcare, and utilities. Exploitation could lead to unauthorized system control, potentially disrupting power shutdown sequences and causing operational downtime or damage to hardware. Confidentiality could be compromised if attackers gain access to sensitive system files or logs. Integrity is at risk due to possible unauthorized modification of software components or configuration files. Availability could be impacted if attackers manipulate shutdown processes or cause system instability. Given Schneider Electric's strong market presence in Europe, particularly in Germany, France, the UK, and the Netherlands, organizations in these countries are more vulnerable. The vulnerability's requirement for local access means insider threats or attackers with initial footholds could leverage it for privilege escalation, increasing the threat level in environments with multiple users or less restrictive local access policies.
Mitigation Recommendations
Organizations should immediately audit the permissions of the PowerChute Serial Shutdown installation folder and ensure that only authorized system administrators have write and modify permissions. Restrict local user privileges to the minimum necessary to operate their roles, preventing unprivileged users from accessing installation directories. Monitor and log access attempts to critical software folders to detect suspicious activity. Apply application whitelisting to prevent unauthorized execution of modified files. Until an official patch is released by Schneider Electric, consider isolating affected systems from untrusted users and networks to reduce risk. Regularly review and update endpoint security controls and implement strict access control policies. Engage with Schneider Electric support to obtain guidance on patch availability and recommended configuration hardening. Additionally, conduct user training to raise awareness about the risks of local privilege escalation and the importance of secure system configurations.
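One way to carry out the folder-permission audit described above, as an added example that is not from the advisory or from Schneider Electric: it parses the text output of the Windows `icacls` tool and reports allow entries that give write-capable rights to principals outside an administrator baseline. It assumes a Windows host; the install path, the trusted-principal baseline and the sample ACL listing are constructed placeholders, and `risky_aces` is a hypothetical helper name.

```python
import re

# Principals expected to hold write access to an install folder (assumed baseline).
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
           "NT SERVICE\\TrustedInstaller", "CREATOR OWNER"}
# icacls right codes that allow creating, replacing, deleting or re-permissioning files.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "DE", "WDAC", "WO", "GW", "GA"}
# One ACE per line: "<principal>:(flag)(flag)(rights)"
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

def risky_aces(icacls_text, path):
    """Return [(principal, rights)] for allow-ACEs that let untrusted principals write."""
    findings = []
    for raw in icacls_text.splitlines():
        line = raw.strip()
        if line.startswith(path):        # first line is "<path> <first ACE>"
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue                     # blank line or the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m["groups"]):
            tokens.update(t.strip() for t in group.split(","))
        if "DENY" in tokens:
            continue                     # a deny entry grants nothing
        granted = tokens & WRITE_RIGHTS  # inheritance flags (OI, CI, IO, I) drop out here
        if granted and m["who"] not in TRUSTED:
            findings.append((m["who"], sorted(granted)))
    return findings

# Constructed sample: placeholder path and ACL listing, not taken from a real system.
SAMPLE_PATH = r"C:\PLACEHOLDER\InstallDir"
SAMPLE = r"""C:\PLACEHOLDER\InstallDir BUILTIN\Users:(OI)(CI)(M)
                          NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                          BUILTIN\Administrators:(OI)(CI)(F)
                          NT AUTHORITY\Authenticated Users:(I)(RX,WD)
                          BUILTIN\Guests:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, SAMPLE_PATH):
        print(f"{who}: {','.join(rights)}")
```

Any principal it reports should lose its write, modify or full-control entry on the folder unless there is a documented reason for it.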
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: schneider
- Date Reserved: 2025-10-09T15:17:30.858Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691491c4e0dfecc865795596
Added to database: 11/12/2025, 1:55:16 PM
Last enriched: 11/12/2025, 1:55:50 PM
Last updated: 11/12/2025, 3:17:01 PM
Related Threats
- CVE-2025-63666: n/a (Unknown)
- CVE-2025-63667: n/a (Unknown)
- CVE-2025-11566: CWE-307 Improper Restriction of Excessive Authentication Attempts in Schneider Electric PowerChute Serial Shutdown (Medium)
- CVE-2025-11565: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Schneider Electric PowerChute Serial Shutdown (High)
- CVE-2025-62876: CWE-250: Execution with Unnecessary Privileges in SUSE openSUSE (Medium)