QwikSec

Security Database

CVE

CWE

Training

CVE-2025-50121

Published: Jul 11, 2025

Modified: Nov 3, 2025

PUBLISHED

Description

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.

Vendor	Product	Versions
Schneider Electric	EcoStruxure™ IT Data Center Expert	affected `8.3 - <= Prior to`

Weaknesses (CWE)

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.