CVE-2025-11567 identifies a vulnerability categorized under CWE-276 (Incorrect Default Permissions) in Schneider Electric's PowerChute™ Serial Shutdown software, versions 1.3 and earlier. The flaw arises because the installation folder for the software is not properly secured by default, allowing users with limited privileges to gain elevated system access. This vulnerability is a local privilege escalation issue, requiring the attacker to have some level of access to the system but no user interaction is needed to exploit it. The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), partial privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H, I:H, A:H). The vulnerability does not involve scope change or network access, but the potential for an attacker to escalate privileges could lead to full system compromise, unauthorized data access, or disruption of critical shutdown processes managed by PowerChute™. Although no exploits are currently known in the wild, the risk is significant given the critical nature of the software in managing power and shutdown sequences for UPS systems. The vulnerability was reserved in early October 2025 and published in November 2025, with no patches currently linked, indicating that affected organizations must implement interim controls. The vulnerability affects installations where default permissions have not been hardened, emphasizing the importance of secure configuration management.

For European organizations, especially those in energy, manufacturing, data centers, and critical infrastructure sectors relying on Schneider Electric's PowerChute™ Serial Shutdown, this vulnerability poses a significant risk. Exploitation could allow attackers with limited local access to escalate privileges, potentially leading to unauthorized control over power management and shutdown processes. This could result in operational disruptions, data loss, or damage to hardware due to improper shutdown sequences. Given the critical role of UPS systems in maintaining power continuity, the vulnerability could indirectly impact availability of essential services. Confidentiality and integrity of system data could also be compromised if attackers gain elevated access. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in environments where insider threats or lateral movement by attackers are possible. European organizations with strict regulatory requirements for operational resilience and cybersecurity must consider this vulnerability a high priority to avoid compliance and operational risks.

1. Immediately review and harden the permissions on the PowerChute™ Serial Shutdown installation folder to ensure only trusted administrators have access. 2. Restrict local user accounts from accessing the installation directory or executing files within it unless explicitly authorized. 3. Monitor local system logs for unusual privilege escalation attempts or unauthorized access to the PowerChute™ installation path. 4. Implement strict access control policies and use endpoint detection and response (EDR) tools to detect suspicious local activities. 5. Isolate critical UPS management systems from general user access and limit physical and remote access to authorized personnel only. 6. Regularly audit system configurations and permissions as part of vulnerability management processes. 7. Stay updated with Schneider Electric advisories for official patches or updates addressing this vulnerability and apply them promptly once available. 8. Consider deploying application whitelisting to prevent unauthorized execution of modified or malicious binaries in the installation folder. 9. Educate system administrators and security teams about the risk of incorrect default permissions and the importance of secure configuration.