CVE-2025-0327

HighLPE

Published: 13 February 2025

Published

13 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 35.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0327 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Schneider Electric (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services Registry Permissions Weakness (T1574.011); ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What attackers do: exploitation maps to Services Registry Permissions Weakness (T1574.011) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Enforces least privilege to prevent low-privilege attackers from modifying executable paths of elevated Windows services.

CM-5 Access Restrictions for Change good match

prevent

Restricts access to system change configurations, blocking unauthorized modifications to service executable paths in the registry.

CM-6 Configuration Settings good match

prevent

Establishes and maintains secure configuration settings for services, including ACLs on registry keys to block low-privilege writes.

MITRE ATT&CK Enterprise TechniquesAI

T1574.011 Services Registry Permissions Weakness Stealth

Adversaries may execute their own malicious payloads by hijacking the Registry entries used by services.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1543.003 Windows Service Persistence

Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence.

attack.mitre.org →

Why these techniques?

Improper service registry permissions (CWE-269) allow low-priv modification of ImagePath, enabling service hijack for privilege escalation and arbitrary execution under service context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an…

attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Deeper analysisAI

CVE-2025-0327 is a CWE-269 improper privilege management vulnerability affecting two Windows services on engineering workstations from Schneider Electric. One service manages audit trail data, while the other functions as a server handling client requests. Published on 2025-02-13, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to significant impacts on confidentiality, integrity, and availability.

A local attacker with standard low privileges can exploit the vulnerability by modifying the executable path of the affected services. Exploitation requires restarting the services, after which the attacker can achieve a loss of confidentiality, integrity, and availability on the engineering workstation, potentially allowing arbitrary code execution or full system compromise under the services' context.

Schneider Electric has issued security notice SEVD-2025-042-03, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf, which provides details on the vulnerability and recommended mitigations.