Platform: other
Component: ecostruxure-it-data-center-expert
CVE-2025-50124 identifies a Privilege Escalation vulnerability within Schneider Electric's EcoStruxure™ IT Data Center Expert software. This flaw allows an attacker, through exploitation of a setup script accessed via a privileged account console, to potentially escalate their privileges within the system. The vulnerability affects versions prior to 8.3 and a fix is available in version 8.3 and later.
Successful exploitation of CVE-2025-50124 could grant an attacker unauthorized access to sensitive data and system resources. By leveraging a privileged account and exploiting the setup script, an attacker could gain administrative control over the EcoStruxure™ IT Data Center Expert system. This could lead to data breaches, system disruption, and potentially compromise the entire data center infrastructure. The blast radius extends to any data or services managed by the affected system, making it a critical security concern.
CVE-2025-50124 was published on 2025-07-11. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Given the nature of privilege escalation vulnerabilities, it is recommended to prioritize remediation to prevent potential exploitation.
Exploit Status
EPSS: 0.02% (5% percentile)
CISA SSVC
The primary mitigation for CVE-2025-50124 is to upgrade EcoStruxure™ IT Data Center Expert to version 8.3 or later, which includes the necessary security patches. If an immediate upgrade is not feasible, consider restricting access to the console and carefully reviewing the setup script for any suspicious modifications. While a direct workaround is unavailable, applying the principle of least privilege and regularly auditing user accounts can help limit the potential impact of a successful exploit. After upgrading, confirm the fix by verifying the version number within the software interface.
Update EcoStruxure™ IT Data Center Expert to a version later than 8.3 to fix the privilege escalation vulnerability. See the vendor's security advisory for further details and specific update instructions: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf
CVE-2025-50124 is a vulnerability allowing privilege escalation in EcoStruxure™ IT Data Center Expert versions prior to 8.3, exploitable through a setup script accessed via a privileged console.
You are affected if you are running EcoStruxure™ IT Data Center Expert versions prior to 8.3 and have privileged accounts with console access.
Upgrade EcoStruxure™ IT Data Center Expert to version 8.3 or later to remediate the vulnerability.
As of the publication date, there are no publicly known active exploitation campaigns for CVE-2025-50124.
Refer to the official Schneider Electric security advisory for CVE-2025-50124 for detailed information and updates.