CVE-2025-50122 HIGH

CVE-2025-50122

Vendor Schneider Electric
Product EcoStruxure™ IT Data Center Expert
Weakness CWE-331
Published July 11, 2025
Last update November 3, 2025

CVSS base score

8.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H

What the vulnerability does

01Description

A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.

Key dates

02Disclosure timeline

July 11, 2025 CVE published
November 3, 2025 Record updated