Schneider Electric Security Alert

Schneider Electric has issued a critical security alert regarding multiple vulnerabilities in its EcoStruxure IT Data Center Expert (DCE) software, a key monitoring solution for data center equipment. Released on July 8, 2025, under reference SEVD-2025-189-01, the advisory highlights six severe flaws affecting versions 8.3 and earlier.

Schneider Electric VulnerabilitiesSchneider Electric Vulnerabilities

These vulnerabilities could lead to unauthorized access, information disclosure, and remote system compromise, posing significant risks to data security and operational continuity in critical infrastructure.

Schneider Electric VulnerabilitiesSchneider Electric Vulnerabilities

Key Vulnerabilities Identified

One of the most concerning issues is CVE-2025-50121, an OS Command Injection vulnerability (CWE-78) with a CVSS v3.1 score of 10 (Critical). This flaw allows unauthenticated remote code execution through the web interface when HTTP is enabled.

"NPAV recommends home users and organizations to maintain strong, up-to-date cybersecurity measures. Install NPAV on your desktop, laptop, and mobile devices to ensure world-class protection against fraud, malware, and ransomware attacks.

Choose NPAV and be a part of our mission to make the digital world safer for everyone."