PatchSiren cyber security CVE debrief
CVE-2025-6438 Schneider Electric CVE debrief
CVE-2025-6438 is a CWE-611 XML External Entity (XXE) issue in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the CISA advisory and Schneider Electric notice, the flaw can affect SOAP API handling and may lead to unauthorized file access when the server is accessed over the network using an application account. Schneider Electric states that version 9.0 includes the fix, and CISA published the advisory on 2025-07-08.
- Vendor: Schneider Electric
- Product: EcoStruxure™ IT Data Center Expert
- CVSS: 6.8 (Medium)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-08
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-08
Who should care
Operators and administrators of Schneider Electric EcoStruxure™ IT Data Center Expert, especially environments running version 8.3 or earlier. Security teams responsible for externally reachable or broadly accessible management systems should also prioritize review.
Technical summary
The supplied advisory data describes an improper restriction of XML External Entity references in EcoStruxure™ IT Data Center Expert. The affected scope is version 8.3 and prior. The issue may allow manipulation of SOAP API calls and XXE injection, resulting in unauthorized file access. The advisory lists CVSS v3.1 as 6.8 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N), indicating network reachability and meaningful confidentiality impact, with no integrity or availability impact stated in the provided vector.
Defensive priority
Medium; prioritize to high for any deployment exposed to untrusted network access or relying on application accounts with elevated access.
Recommended defensive actions
- Upgrade EcoStruxure™ IT Data Center Expert to version 9.0, which Schneider Electric says includes the fix.
- If you cannot remediate immediately, follow Schneider Electric's EcoStruxure™ IT Data Center Expert Security Handbook and the vendor/CISA hardening guidance referenced in the advisory.
- Review where SOAP API access is allowed and restrict access to trusted administrative networks and accounts.
- Audit application accounts used by the server and remove unnecessary privileges where possible.
- Validate that affected instances are identified and tracked so version 8.3 and earlier do not remain in production unnoticed.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-203-06, Schneider Electric's linked Security and Safety Notice SEVD-2025-189-01, and the provided source metadata. The advisory explicitly names EcoStruxure™ IT Data Center Expert version 8.3 and prior as affected, describes the flaw as CWE-611/XXE affecting SOAP API calls, and states that unauthorized file access may occur. The provided CVSS vector is 6.8/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. No KEV entry is present in the supplied enrichment.
Official resources
- CVE-2025-6438 CVE record (CVE.org)
- CVE-2025-6438 NVD detail (NVD)
- Source item: cisa_csaf
Publicly disclosed on 2025-07-08 in the CISA CSAF advisory ICSA-25-203-06 and Schneider Electric notice SEVD-2025-189-01.