CVE-2025-13957 HIGH

CVE-2025-13957

Vendor Schneider Electric
Product EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert)
Weakness CWE-798 · Hardcoded credentials
Published March 10, 2026
Last update March 10, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 10, 2026 Record updated