CVE-2025-50122
Published 2025-07-11
CVE-2025-50122: A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with…
Priority P3 · 44 · high · 8.9 CVSS 4.0
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.20% (9.5th percentile)
A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider_electric | ecostruxure_it_data_center_expert | 8.3 – Prior to | — |
GHSA
ghsa_unreviewed·2025-07-11
CVE-2025-50122 [HIGH] CWE-331 GHSA-4qqx-6m6r-7q77: CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reverse engineer
CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
CISA ICS
Schneider Electric EcoStruxure IT Data Center Expert
cisa_ics·2025-07-22·CVSS 9.5
[CRITICAL] Schneider Electric EcoStruxure IT Data Center Expert
ICS Advisory
## Schneider Electric EcoStruxure IT Data Center Expert
Release Date: July 22, 2025
Alert Code: ICSA-25-203-06
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: EcoStruxure IT Data Center Expert
- Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Insufficient Entropy, Improper Control of Generation of Code ('Code Injection'), Server-Side Request Forgery (SSRF), Improper Privilege Management, and Improper Restriction of XML External Entity Reference
## 2. RISK EVALUATION
Successful exploitation of these vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.