CVE-2025-54926: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Schneider Electric EcoStruxure™ Power Monitoring Expert (PME)

High
Vulnerability tags: CVE-2025-54926, CWE-22
Published: Wed Aug 20 2025 (08/20/2025, 13:48:02 UTC)
Source: CVE Database V5
Vendor/Project: Schneider Electric
Product: EcoStruxure™ Power Monitoring Expert (PME)

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.

AI-Powered Analysis

AI analysis last updated: 08/20/2025, 14:17:50 UTC

Technical Analysis

CVE-2025-54926 is a high-severity vulnerability classified as CWE-22, which refers to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This flaw exists in Schneider Electric's EcoStruxure™ Power Monitoring Expert (PME) product, specifically affecting versions 2022, 2023, 2024, and 2024 R2. The vulnerability allows an authenticated attacker with administrative privileges to upload a malicious file via HTTP. Due to insufficient validation or restriction on the file path, the attacker can traverse directories and place the malicious file in unintended locations. This can lead to remote code execution (RCE) when the uploaded file is executed by the system. The CVSS v3.1 base score is 7.2, indicating a high severity level. The vector string (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges (admin) and no user interaction. Successful exploitation compromises confidentiality, integrity, and availability of the affected system. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is critical for industrial control and power monitoring environments where PME is deployed, as it could allow attackers to execute arbitrary code, potentially disrupting power monitoring and management operations.

Potential Impact

For European organizations, particularly those in critical infrastructure sectors such as energy, utilities, and manufacturing, this vulnerability poses a significant risk. Schneider Electric's EcoStruxure PME is widely used for power monitoring and management, making it a strategic target. Exploitation could lead to unauthorized control over power monitoring systems, causing data breaches, manipulation of power usage data, or disruption of power distribution monitoring. This could result in operational downtime, financial losses, regulatory non-compliance, and damage to reputation. Given the high privileges required, insider threats or compromised administrator accounts are the most likely attack vectors. The impact extends beyond IT systems to physical infrastructure, potentially affecting grid stability and safety. European organizations must consider the potential cascading effects on supply chains and critical services that rely on stable power monitoring.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting administrative access to PME systems through strong authentication mechanisms, including multi-factor authentication (MFA) and strict access controls.
2. Network segmentation should be enforced to isolate PME systems from general IT networks and limit exposure to potential attackers.
3. Monitor and audit all administrative file upload activities for unusual patterns or unauthorized uploads.
4. Implement strict input validation and file path sanitization on the server side to prevent path traversal exploitation.
5. Until an official patch is released, consider deploying web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting PME.
6. Regularly update and patch PME software as soon as Schneider Electric releases fixes.
7. Conduct thorough security awareness training for administrators to recognize phishing or social engineering attempts that could lead to credential compromise.
8. Employ endpoint detection and response (EDR) tools on PME servers to detect anomalous execution of files or processes.
9. Maintain offline backups of configuration and monitoring data to enable recovery in case of compromise.
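Recommendations 3 and 4 above (auditing upload activity and sanitizing server-side file paths) are illustrated by the following Python example. It is added here for explanation and is not Schneider Electric's code; it makes no claim about how PME itself stores uploads. The upload root, the extension allowlist, and the audit-log format are constructed assumptions, and the sample log lines are made up.

```python
"""Server-side containment check for uploaded file names, plus a screen over
upload audit logs for traversal sequences. Illustrative example only; not
vendor code and not a description of the affected product's internals."""
import os
import re
from pathlib import Path
from urllib.parse import unquote

# Assumed (constructed) upload root and allowlist of non-executable extensions.
UPLOAD_ROOT = Path("/srv/pme/uploads")
ALLOWED_SUFFIXES = {".csv", ".xml", ".json", ".png", ".pdf"}

# Matches "../" or "..\" in a file name (checked on raw and decoded forms).
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")


class UploadRejected(ValueError):
    """Raised when a client-supplied file name fails validation."""


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Map a client-supplied file name to a path guaranteed to stay under `root`.

    Only a bare file name is accepted: any separator (either style), NUL byte,
    leading dot, or disallowed extension is rejected. A second, independent
    containment check on the absolute path guards against mistakes in the
    first layer (defense in depth)."""
    decoded = unquote(filename)  # decode %2e%2e%2f-style encoding before checks
    if "\x00" in decoded or "/" in decoded or "\\" in decoded:
        raise UploadRejected(f"path separators not allowed: {filename!r}")
    name = decoded.strip()
    if name in ("", ".", "..") or name.startswith("."):
        raise UploadRejected(f"invalid file name: {filename!r}")
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise UploadRejected(f"extension not permitted: {filename!r}")
    root_abs = os.path.abspath(root)
    cand_abs = os.path.abspath(root / name)
    # Containment: the resolved candidate must have `root` as its common prefix.
    if os.path.commonpath([root_abs, cand_abs]) != root_abs:
        raise UploadRejected(f"escapes upload root: {filename!r}")
    return Path(cand_abs)


# Constructed audit lines in an assumed format: "<ts> <user> UPLOAD <name> <status>".
SAMPLE_AUDIT_LOG = [
    "2025-08-20T13:48:02Z admin UPLOAD report_Q3.csv 200",
    "2025-08-20T13:49:10Z admin UPLOAD ..%2F..%2Fconfig%2Fsite.xml 200",
    "2025-08-20T13:50:31Z operator UPLOAD ..\\..\\data\\export.csv 403",
    "2025-08-20T13:51:05Z admin UPLOAD dashboard.json 200",
]


def flag_suspicious_uploads(lines):
    """Return (timestamp, user, raw_name) for upload records whose file name
    contains a traversal sequence, whether raw, percent-encoded, or
    double-percent-encoded."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "UPLOAD":
            continue
        ts, user, _, name, _status = parts[:5]
        forms = (name, unquote(name), unquote(unquote(name)))
        if any(TRAVERSAL_RE.search(f) for f in forms):
            hits.append((ts, user, name))
    return hits


if __name__ == "__main__":
    print(safe_upload_path("report_Q3.csv"))
    for bad in ("../x.csv", "..%2F..%2Fx.csv", "tool.exe"):
        try:
            safe_upload_path(bad)
        except UploadRejected as exc:
            print("rejected:", exc)
    for hit in flag_suspicious_uploads(SAMPLE_AUDIT_LOG):
        print("audit hit:", hit)
```

The validation keeps only a bare file name rather than trying to strip traversal sequences out of a path, which is the approach that stays correct under encoding and separator variations; the audit screen is a simple starting point for recommendation 3 and would normally be fed by the application's real upload log.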

Technical Details

Data Version
5.1
Assigner Short Name
schneider
Date Reserved
2025-08-01T04:38:47.036Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68a5d58ead5a09ad00052203

Added to database: 8/20/2025, 2:02:54 PM

Last enriched: 8/20/2025, 2:17:50 PM

Last updated: 8/20/2025, 5:32:49 PM
