CVE-2025-13905

🗓️ 29 Jan 2026 15:20:45Reported by schneiderType

Privilege escalation via reverse shell due to incorrect default permissions allowing local user to modify service binaries.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-13905	29 Jan 202615:20	–	attackerkb
Circl	CVE-2025-13905	22 Jan 202611:00	–	circl
CNNVD	Schneider Electric EcoStruxure Process Expert security vulnerabilities	29 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-13905	29 Jan 202615:20	–	cvelist
EUVD	EUVD-2025-206546	29 Jan 202615:20	–	euvd
ICS	Schneider Electric EcoStruxure Process Expert (Update A)	13 Jan 202608:00	–	ics
NVD	CVE-2025-13905	29 Jan 202616:16	–	nvd
Positive Technologies	PT-2026-4356	23 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-13905	30 Jan 202615:39	–	redhatcve
Vulnrichment	CVE-2025-13905	29 Jan 202615:20	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Process Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 2025"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Process Expert for AVEVA System Platform",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

15 Apr 2026 00:35Current

5.9Medium risk

Vulners AI Score5.9

CVSS 47

EPSS0.00021

SSVC

CWE-276