SEVD-2025-189-03
Schneider Electric is aware of multiple vulnerabilities disclosed in PostgreSQL. Many vendors, including Schneider Electric, use PostgreSQL in their offers. PostgreSQL is a database server that is used as a data store for multiple products. Schneider Electric installs a version of PostgreSQL with its EcoStruxure™ Power Operation https://www.se.com/us/en/product-range/65405-ecostruxure-power-operation/?parent-subcategory-id=59326966&filter=business-4-low-voltage-products-and-systems#overview software. EcoStruxure™ Power Operation (EPO) is an on-premises software offer that provides a single platform to monitor and control medium and lower power systems. Failure to apply the remediations and mitigations below could result in loss of system functionality or unauthorized access to system functions.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| EcoStruxure™ Power Operation (EPO) 2022 CU6 and prior | ||
| EcoStruxure™ Power Operation 2024 CU2 | ||
| EcoStruxure™ Power Operation (EPO) 2024 CU1 and prior | ||
| EcoStruxure™ Power Operation 2022 CU7 |
Timeline
- Apr 28, 2025 PoC Published
- Jul 8, 2025 CVE Published
- Feb 10, 2026 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2025-189-03.json advisory
- https://www.se.com/ww/en/download/document/7EN52-0390/ url
- https://community.se.com/t5/EcoStruxure-Power-Operation/v2024-Release-amp-Updates-Install-Procedure/m-p/478928/thread-id/6997#M6997 fix
- https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322 fix