PatchSiren cyber security CVE debrief
CVE-2025-50125 Schneider Electric CVE debrief
CVE-2025-50125 is a CWE-918 server-side request forgery issue in Schneider Electric EcoStruxure™ IT Data Center Expert. CISA and Schneider Electric describe it as network-accessible and unauthenticated, with the potential to reach remote code execution when an attacker knows hidden URLs and can manipulate the Host request header. The advisory published on 2025-07-08 rates the issue HIGH with CVSS 7.2.
- Vendor: Schneider Electric
- Product: EcoStruxure™ IT Data Center Expert
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-08
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-08
Who should care
Schneider Electric EcoStruxure™ IT Data Center Expert administrators, OT/ICS defenders, and IT security teams protecting version 8.3 and earlier, especially where the platform is reachable from enterprise or external networks.
Technical summary
The supplied CSAF advisory identifies a CWE-918 SSRF condition affecting Schneider Electric EcoStruxure™ IT Data Center Expert version 8.3 and prior. The issue is network exploitable, requires no authentication, and is described as potentially enabling remote code execution when an attacker has knowledge of hidden URLs and can manipulate the Host request header. The advisory lists CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.
Defensive priority
High. Prioritize remediation for any exposed or broadly reachable DCE instance because the flaw is unauthenticated, network-based, and impacts an industrial data-center management platform. If immediate upgrading is not possible, apply the vendor's documented hardening guidance without delay.
Recommended defensive actions
- Upgrade EcoStruxure™ IT Data Center Expert to version 9.0, which Schneider Electric states includes fixes for this vulnerability.
- If you cannot upgrade immediately, apply the hardening guidance in the EcoStruxure™ IT Data Center Expert Security Handbook referenced by Schneider Electric.
- Review network exposure and segmentation around the DCE instance so only required administrative sources can reach it.
- Use the CISA ICS recommended practices linked in the advisory as a baseline for defense-in-depth and access restriction.
Evidence notes
Based only on the supplied CISA CSAF advisory ICSA-25-203-06 and the Schneider Electric security notice references. The affected product is listed as Schneider Electric EcoStruxure™ IT Data Center Expert version 8.3 and prior. The advisory publication and modification timestamps provided are 2025-07-08T04:00:00Z. In the supplied enrichment, the issue is not marked as a CISA KEV item and no ransomware campaign use is noted.
Official resources
- CVE-2025-50125 CVE record (CVE.org)
- CVE-2025-50125 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-07-08 by CISA and Schneider Electric. The supplied enrichment does not list this CVE in CISA KEV and does not indicate ransomware campaign use.