CVE-2025-13905

Summary

CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ Process ExpertVersions prior to 2025affected
Schneider ElectricEcoStruxure™ Process Expert for AVEVA System PlatformAll versionsaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References