PatchSiren cyber security CVE debrief
CVE-2025-50121 Schneider Electric CVE debrief
CVE-2025-50121 is a critical OS command injection vulnerability in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the CISA CSAF advisory published on 2025-07-08, the issue could allow unauthenticated remote code execution when a malicious folder is created through the web interface over HTTP, if HTTP is enabled. Schneider Electric states that HTTP is disabled by default, which reduces exposure, but any environment that has enabled HTTP should treat this as urgent.
- Vendor: Schneider Electric
- Product: EcoStruxure™ IT Data Center Expert
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-08
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-08
Who should care
Schneider Electric EcoStruxure™ IT Data Center Expert administrators, OT/IT security teams responsible for appliance hardening, and defenders managing environments where the DCE web interface is enabled over HTTP.
Technical summary
The advisory describes a CWE-78 OS command injection issue affecting Schneider Electric EcoStruxure™ IT Data Center Expert version 8.3 and prior. The stated impact is unauthenticated remote code execution triggered through the web interface when HTTP is enabled and a malicious folder is created. The provided CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, consistent with a critical network-reachable issue with high confidentiality, integrity, and availability impact. Schneider Electric’s remediation notes identify version 9.0 as fixed, available upon request, and recommend hardening the instance using the Security Handbook if immediate remediation is not applied.
Defensive priority
High. This is a CVSS 10.0 critical issue with unauthenticated RCE potential, but exposure depends on HTTP being enabled. Systems with HTTP enabled should be prioritized immediately; systems with HTTP disabled remain less exposed based on the advisory, but should still be upgraded.
Recommended defensive actions
- Upgrade EcoStruxure™ IT Data Center Expert to version 9.0, which Schneider Electric says includes fixes for the vulnerability.
- If you cannot upgrade immediately, follow Schneider Electric’s EcoStruxure™ IT Data Center Expert Security Handbook to harden the instance.
- Verify whether HTTP is enabled on any deployed DCE instance and disable it if it is not required.
- Limit network exposure to the DCE web interface to only trusted administrative networks.
- Review affected deployments of version 8.3 and earlier and schedule remediation as a priority.
- Monitor Schneider Electric and CISA advisory updates for any additional guidance.
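The two exposure signals above (plaintext HTTP on the DCE web interface, and folder creation with a shell-unsafe name) can be checked against access logs. The following is an added example, not code from Schneider Electric or the advisory; the log format, the `/folder/create` endpoint and the `name` parameter are assumptions, since the advisory does not name the real endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical folder-creation endpoint and parameter (not from the advisory).
FOLDER_ENDPOINT = "/folder/create"
FOLDER_PARAM = "name"

# Shell metacharacters that have no legitimate place in a folder name.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\r\\]")

# Constructed sample log: "client method url status" (not real DCE output).
SAMPLE_LOG = [
    "10.0.0.5 GET https://dce.example.internal/login 200",
    "10.0.0.5 POST https://dce.example.internal/folder/create?name=Rack-07 201",
    "10.0.0.9 POST http://dce.example.internal/folder/create?name=Rack-07 201",
    "10.0.0.9 POST http://dce.example.internal/folder/create?name=Rack-07%3Bid 201",
]

def parse_line(line):
    """Split one constructed log line into its fields; parse_qs URL-decodes the query."""
    client, method, url, status = line.split()
    parts = urlsplit(url)
    return {"client": client, "method": method, "scheme": parts.scheme,
            "path": parts.path, "query": parse_qs(parts.query), "status": int(status)}

def assess(line):
    """Return findings for one line: plaintext HTTP use, and/or a suspicious folder name."""
    rec = parse_line(line)
    findings = []
    if rec["scheme"] == "http":
        # Advisory: HTTP is off by default and should stay off; any use is exposure.
        findings.append("plaintext-http")
    if rec["method"] == "POST" and rec["path"] == FOLDER_ENDPOINT:
        for name in rec["query"].get(FOLDER_PARAM, []):
            if SHELL_META.search(name):
                findings.append("shell-metachar-in-folder-name")
    return findings

def scan(lines):
    """Return (line, findings) pairs for every line that raised at least one finding."""
    return [(line, assess(line)) for line in lines if assess(line)]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG):
        print(", ".join(findings), "<-", line)
```

Fitting `parse_line` to the real access-log format of a deployment is the only site-specific step; the two checks themselves follow directly from the advisory text.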
Evidence notes
All claims are taken from the supplied CISA CSAF advisory (ICSA-25-203-06) and the linked Schneider Electric security notice references. The advisory states that the vulnerability is CWE-78 OS command injection, that it affects Schneider Electric EcoStruxure™ IT Data Center Expert version 8.3 and prior, that it can cause unauthenticated remote code execution when a malicious folder is created through the web interface over HTTP (when HTTP is enabled), and that HTTP is disabled by default. The remediation section states that version 9.0 includes fixes and is available upon request.
Official resources
- CVE-2025-50121 CVE record (CVE.org)
- CVE-2025-50121 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-07-08 via Schneider Electric’s security notice references and the CISA CSAF advisory ICSA-25-203-06.