CVE-2025-50125
MEDIUM
Schneider Electric EcoStruxure IT Data Center Expert < 8.3 - SSRF Remote Code Execution
Title source: manual
Description
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
Scores
CVSS v4
6.3
EPSS
0.0046
EPSS Percentile
36.5%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
Schneider Electric/EcoStruxure™ IT Data Center Expert
Prior to 8.3
Published
Jul 11, 2025
Tracked Since
Feb 18, 2026