Vulnerability Details CVE-2025-11739
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2025-11739
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2022
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2023
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2024
-
cpe:2.3:a:schneider-electric:ecostruxure_power_operation:2022
-
cpe:2.3:a:schneider-electric:ecostruxure_power_operation:2024