SEVD-2025-189-01 EcoStruxure™ IT Data Center Expert Security Notification

Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure™ IT Data Center Expert (DCE) product. Failure to apply the remediation provided below may risk information disclosure, and remote compromise of the offer which could result in disruption of operations and access to system data. CVE-2025-6438, CVE-2025-50121, CVE-2025-50122, CVE-2025-50123, CVE-2025-50124, CVE-2025-50125 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-269: Improper Privilege Management CWE-331: Insufficient Entropy CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) SEVD-2025-189-01 EcoStruxure™ IT Data Center Expert Security Notification Security Advisory