Incorrect Default Permissions in Schneider Electric Software
CVE-2025-11567

7.3HIGH

Key Information:

Vendor: Schneider Electric
Status: Powerchute™ Serial Shutdown
Vendor: CVE Published:; 12 November 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-11567?

A vulnerability characterized by incorrect default permissions has been identified in Schneider Electric software. This flaw arises from inadequate security measures applied to the target installation folder, potentially allowing unauthorized users to gain elevated system access. Ensuring proper permissions is crucial to prevent exploitation and maintain the integrity of system operations.

Affected Version(s)

PowerChute™ Serial Shutdown Versions v1.3 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Oct 9, 2025

JSON