Path Traversal Vulnerability in Schneider Electric's Web Admin Interface
CVE-2025-11565
7.3 HIGH
Key Information:
- Vendor: Schneider Electric
- CVE Published: 12 November 2025
What is CVE-2025-11565?
A path traversal vulnerability in Schneider Electric's Web Admin interface allows Web Admin users on the local network to exploit improperly restricted pathnames. This flaw can result in unauthorized access to system resources when attackers manipulate the payload of POST, REST, or UpdateJRE requests, potentially compromising the security of the affected systems.
Affected Version(s)
PowerChute™ Serial Shutdown Versions v1.3 and prior
CVSS V4
Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved