CVE-2025-0327

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) CWE-269: Existe una vulnerabilidad de administración inadecuada de privilegios para dos servicios (uno de los cuales administra los datos de registro de auditoría y el otro actúa como servidor que administra las solicitudes de los clientes) que podría provocar una pérdida de confidencialidad, integridad y disponibilidad de la estación de trabajo de ingeniería cuando un atacante con privilegios estándar modifica la ruta ejecutable de los servicios de Windows. Para explotarla, es necesario reiniciar los servicios.

13 Feb 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-13 07:15

Updated : 2026-06-17 08:26

NVD link : CVE-2025-0327

Mitre link : CVE-2025-0327

CVE.ORG link : CVE-2025-0327

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-0327", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-0327", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2025-02-13T14:55:58.362547Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cybersecurity@se.com", "affectedData": [{"vendor": "Schneider Electric", "product": "EcoStruxure Process Expert", "versions": [{"status": "affected", "version": "Versions 2020R2"}, {"status": "affected", "version": "Versions 2021 & 2023 (prior to v4.8.0.5715)"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EcoStruxure Process Expert for AVEVA System Platform", "versions": [{"status": "affected", "version": "Versions 2020R2"}, {"status": "affected", "version": "Versions 2021 & 2023"}], "defaultStatus": "unaffected"}]}], "published": "2025-02-13T07:15:10.570", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit\ntrail data and the other acting as server managing client request) that could cause a loss of Confidentiality,\nIntegrity and Availability of engineering workstation when an attacker with standard privilege modifies the\nexecutable path of the windows services. To be exploited, services need to be restarted."}, {"lang": "es", "value": "CWE-269: Existe una vulnerabilidad de administraci\u00f3n inadecuada de privilegios para dos servicios (uno de los cuales administra los datos de registro de auditor\u00eda y el otro act\u00faa como servidor que administra las solicitudes de los clientes) que podr\u00eda provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad de la estaci\u00f3n de trabajo de ingenier\u00eda cuando un atacante con privilegios est\u00e1ndar modifica la ruta ejecutable de los servicios de Windows. Para explotarla, es necesario reiniciar los servicios."}], "lastModified": "2026-06-17T08:26:17.000", "sourceIdentifier": "cybersecurity@se.com"}