CNNVD-202511-1424 Information

CNNVD ID

CNNVD-202511-1424

Related CVE

CVE-2025-11565

• CNNVD Published: 2025-11-12

Description (Chinese)

Schneider Electric PowerChute Serial Shutdown是法国施耐德电气（Schneider Electric）公司的一个 UPS 管理、正常关机和能源管理软件。 Schneider Electric PowerChute Serial Shutdown存在安全漏洞，该漏洞源于路径名限制不当，可能导致本地网络上的Web管理员用户通过篡改POST /REST/UpdateJRE请求有效载荷提升系统访问权限。

Description (English)

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software of Schneider Electric, France. There is a security loophole in Schneider PowerChute Serial Shutdown, which stems from inappropriate path name limitations, which may lead Web administrator users on local networks to request payload access by tampering with POST/REST/UpdateJRE.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

施耐德电气。

Published

2025-11-12

Last Modified

2026-02-24

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-315-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-315-01.pdf

Patch

https://www.se.com/us/en/product-range/137943580-powerchute-serial-shutdown/#products