PatchSiren cyber security CVE debrief
CVE-2025-50123 Schneider Electric CVE debrief
CVE-2025-50123 is a CWE-94 code injection issue in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the vendor and CISA advisory, affected versions are 8.3 and earlier, and exploitation could cause remote command execution by a privileged account when the server is accessed via a console and the hostname input is abused. Schneider Electric states that version 9.0 includes fixes.
- Vendor: Schneider Electric
- Product: EcoStruxure™ IT Data Center Expert
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-08
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-08
Who should care
Operators, administrators, and security teams responsible for Schneider Electric EcoStruxure™ IT Data Center Expert deployments, especially environments where privileged console access is possible.
Technical summary
The advisory describes an improper control of code generation (CWE-94) problem in EcoStruxure™ IT Data Center Expert. The impact is remote command execution, but the documented prerequisites are significant: access via a console and a privileged account. The supplied CVSS vector is AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, which reflects high confidentiality, integrity and availability impact with a changed scope, but limited reachability because the attack vector is physical and high privileges are required. Schneider Electric identifies version 9.0 as the fixed release and notes that earlier versions through 8.3 are affected.
Defensive priority
High for any deployment running version 8.3 or earlier, especially where administrative console access is available. The exploit prerequisites narrow exposure, but the possible impact is severe enough to warrant prompt remediation.
Recommended defensive actions
- Upgrade EcoStruxure™ IT Data Center Expert to version 9.0, which Schneider Electric states includes fixes for this issue.
- If immediate upgrading is not possible, apply the vendor-recommended hardening guidance in the EcoStruxure™ IT Data Center Expert Security Handbook.
- Restrict and monitor privileged console access to the server, limiting access to only authorized administrators.
- Validate the installed product version and confirm whether any systems are still running version 8.3 or earlier.
- Review related industrial control system security guidance from CISA and Schneider Electric to reduce overall administrative and platform risk.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-203-06 and the linked Schneider Electric security notice for SEVD-2025-189-01. The source corpus states the vulnerability type (CWE-94), the affected product and version range (EcoStruxure™ IT Data Center Expert 8.3 and prior), the impact (remote command execution by a privileged account), the access condition (server accessed via a console and hostname input exploitation), the fixed version (9.0), and the CVSS vector (CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Official resources
- CVE-2025-50123 CVE record (CVE.org)
- CVE-2025-50123 NVD detail (NVD)
- Source item URL: cisa_csaf
Publicly disclosed on 2025-07-08 by CISA and Schneider Electric in the advisory corpus provided.