← back
CVE-2025-13957

CVE-2025-13957

CVSS 7.5 HIGHEPSS 0.7%CWE-798
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Schneider Electric · EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-05.pdf