CVE-2025-13957

Summary

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert)v9.0 and prioraffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References