CVE-2025-50123
Published 2025-07-11
CVE-2025-50123: A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when…
Priority: P337 · high · 7.2 · CVSS 4.0
Vector: AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.31% (23.0th percentile)
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider_electric | ecostruxure_it_data_center_expert | 8.3 – Prior to | — |
GHSA
GHSA-qcfj-h4p2-g2fw
ghsa_unreviewed·2025-07-11
CVE-2025-50123 [HIGH] CWE-94 GHSA-qcfj-h4p2-g2fw
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.
CISA ICS
Schneider Electric EcoStruxture IT Data Center Expert
cisa_ics·2025-07-22·CVSS 9.5
[CRITICAL] Schneider Electric EcoStruxture IT Data Center Expert
ICS Advisory
## Schneider Electric EcoStruxture IT Data Center Expert
Release Date: July 22, 2025
Alert Code: ICSA-25-203-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: EcoStruxure IT Data Center Expert
- Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Insufficient Entropy, Improper Control of Generation of Code ('Code Injection'), Server-Side Request Forgery (SSRF), Improper Privilege Management, and Improper Restriction of XML External Entity Reference
## 2. RISK EVALUATION
Successful exploitation of these vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-11