Path Traversal in Schneider Electric Powerchute™ Serial Shutdown

CVE-2025-11565

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request pa…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (2.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References