Improper Privilege Management Vulnerability in Schneider Electric Services
CVE-2025-0327

8.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Process Expert; Ecostruxure Process Expert For Aveva System Platform
Vendor: CVE Published:; 13 February 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-0327?

An improper privilege management vulnerability has been identified in Schneider Electric services, specifically in the services that manage audit trail data and client requests. This flaw allows an attacker with standard user privileges to modify the executable path of these Windows services. Exploiting this vulnerability requires a service restart, which can lead to significant risks involving the confidentiality, integrity, and availability of the engineering workstation involved.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EcoStruxure Process Expert Versions 2020R2

EcoStruxure Process Expert Versions 2021 & 2023 (prior to v4.8.0.5715)

EcoStruxure Process Expert for AVEVA System Platform Versions 2020R2

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 8, 2025

JSON

Schneider Electric

What is CVE-2025-0327?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.