Path Traversal Vulnerability in Schneider Electric's Web Admin Interface
CVE-2025-11565

7.3 HIGH

What is CVE-2025-11565?

A path traversal vulnerability in Schneider Electric's Web Admin interface allows Web Admin users on the local network to exploit improperly restricted pathnames. This flaw can result in unauthorized access to system resources when attackers manipulate the payload of POST, REST, or UpdateJRE requests, potentially compromising the security of the affected systems.

Affected Version(s)

PowerChute Serial Shutdown Versions v1.3 and prior

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
