CVE-2025-11739
Received Received - Intake
Deserialization Vulnerability in SE Software Enables Admin Code Execution

Publication date: 2026-03-10

Last updated on: 2026-03-10

Assigner: Schneider Electric SE

Description
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11739
EUVD
EUVD-2025-208471
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
schneider_electric ecostruxure_power_monitoring_expert 2022
schneider_electric ecostruxure_power_monitoring_expert 2023
schneider_electric ecostruxure_power_monitoring_expert 2023_r2
schneider_electric ecostruxure_power_monitoring_expert 2024
schneider_electric ecostruxure_power_monitoring_expert 2024_r2
schneider_electric ecostruxure_power_operation 2022
schneider_electric ecostruxure_power_operation 2024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability is a CWE-502: Deserialization of Untrusted Data flaw found in Schneider Electric's EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. It occurs when a locally authenticated attacker with low privileges sends a specially crafted data stream that triggers unsafe deserialization. This unsafe deserialization can lead to arbitrary code execution with administrative privileges."}] [1]

Impact Analysis

The vulnerability can have severe impacts including system compromise, operational disruption, and unauthorized administrative control. Because it allows arbitrary code execution with administrative rights, an attacker could take full control of affected systems, potentially leading to loss of confidentiality, integrity, and availability of the system.

Compliance Impact

I don't know

Detection Guidance

The provided resources do not include specific detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include applying specific hotfixes or upgrades depending on your product version:

  • PME 2024 R2 users should apply Hotfix_279338_Release_2024R2 (no reboot required).
  • PME 2024 users should upgrade to PME 2024 R3.
  • PME 2023 R2 users should apply Hotfix_282807 (no reboot required).
  • PME 2023 users should upgrade to PME 2023 R2 and then apply Hotfix_282807.
  • EPO 2024 users with the Advanced Reporting and Dashboards Module should upgrade to PME 2023 R2 and apply Hotfix_282807.
  • For EPO 2022 and PME 2022 (end-of-life and unsupported), update PME separately and apply the appropriate PME updates.

If immediate remediation is not possible, Schneider Electric recommends the following mitigations:

  • Follow cybersecurity hardening guidelines.
  • Run PME in isolated networks.
  • Configure Windows firewall to restrict access.
  • Enforce complex password policies.
  • Audit and limit Windows-authenticated user access, especially for elevated privileges.
  • Apply the principle of least privilege.
  • Consider upgrading to PME 2024 R3.

General security best practices include isolating control networks behind firewalls, physical security controls, locking controllers, restricting programming software network access, scanning removable media, minimizing network exposure, and using secure remote access methods like VPNs.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11739. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart