CVE-2025-11565
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: Schneider Electric SE

Description
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11565
EUVD
EUVD-2025-131906
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
schneider_electric powerchute_serial_shutdown 1.4
schneider_electric powerchute_serial_shutdown 1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CWE-22 (Path Traversal), exists in Schneider Electric's PowerChuteβ„’ Serial Shutdown product (version 1.3 and prior). It allows a Web Admin user on the local network to tamper with the POST /REST/UpdateJRE request payload, which can lead to elevated system access privileges. Essentially, it means that an attacker with low-level access on the local network can manipulate file paths to gain higher system privileges than intended. [1]

Impact Analysis

The vulnerability can lead to elevation of privileges, allowing an attacker with low-level access on the local network to gain higher system access. This impacts the confidentiality, integrity, and availability of the affected system. An attacker could potentially manipulate system files or configurations, leading to unauthorized control or disruption of services. [1]

Detection Guidance

Detection can focus on monitoring for tampering attempts with the POST /REST/UpdateJRE request payload by a Web Admin user on the local network. Network traffic analysis tools or web server logs can be used to identify suspicious POST requests to /REST/UpdateJRE. Specific commands depend on your environment, but examples include using curl or wget to test the endpoint, or using packet capture tools like tcpdump or Wireshark to monitor POST requests. For example, a tcpdump command to capture POST requests to the vulnerable endpoint could be: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /REST/UpdateJRE'. Additionally, checking web server access logs for POST requests to /REST/UpdateJRE with unusual payloads can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading to PowerChuteβ„’ Serial Shutdown version 1.4, which contains fixes for CVE-2025-11565. Additionally, ensure that only trusted Web Admin users on the local network have access to the system. Follow standard patching best practices such as backing up systems and testing patches in isolated environments before deployment. Implement network segmentation to isolate control and safety system networks behind firewalls, separate from business networks. Restrict programming software and administrative access to intended networks only. Also, apply physical security controls to prevent unauthorized access. For CVE-2025-11567 related to permissions, verify and set proper administrative permissions on the installation folder, especially if a custom folder is used. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11565. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart