CWE502 Unsafe Deserialization in Schneider Electric Device
CVE-2025-11739 Published on March 10, 2026
CWE502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-11739 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-11739
Want to know whenever a new CVE is published for Schneider Electric Ecostruxure Power Monitoring Expert? stack.watch will email you.
Affected Versions
Schneider Electric EcoStruxure™ Power Monitoring Expert (PME):- Version Version 2022 is affected.
- Version Version 2023 is affected.
- Version Version 2023 R2 is affected.
- Version Version 2024 is affected.
- Version Version 2024 R2 is affected.
- Version Version 2022 is affected.
- Version Version 2024 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.