SSRF in Schneider Electric EcoStruxure™ IT Data Center Expert
CVE-2025-50125
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of the Host request header.
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.005 (36.7th percentile)
Affected products
- Schneider Electric EcoStruxure™ IT Data Center Expert — versions 8.3