RCE in Schneider Electric Ecostruxure™ It Data Center Expert
CVE-2025-50123
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.003 (23.0th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Ecostruxure™ It Data Center Expert — versions 8.3