CVE-2025-6438 MEDIUM

Vendor Schneider Electric
Product EcoStruxure™ IT Data Center Expert
Weakness CWE-611 · XXE
Published July 11, 2025
Last update November 3, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

An Improper Restriction of XML External Entity Reference (CWE-611) vulnerability exists that could allow manipulation of SOAP API calls and XML external entity injection, resulting in unauthorized file access, when the server is accessed over the network using an application account.

Key dates

02 Disclosure timeline

July 11, 2025 CVE published
November 3, 2025 Record updated