Path Traversal in Schneider Electric Powerchute™ Serial Shutdown
CVE-2025-11565
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request pa…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (2.0th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Powerchute™ Serial Shutdown — versions Versions v1.3 and prior