Hard-Coded Credentials Vulnerability in Schneider Electric's Products
CVE-2025-13957

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ It Data Center Expert (formerly Known As Struxureware Data Center Expert)
Vendor: CVE Published:; 10 March 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-13957?

This vulnerability involves hard-coded credentials within Schneider Electric products, leading to a risk of information disclosure and remote code execution when the SOCKS Proxy is enabled. By default, the SOCKS Proxy feature is deactivated; however, if it is activated and the administrator or PostgreSQL database credentials become known to an unauthorized party, it could significantly compromise the affected system's security.

Affected Version(s)

EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Dec 3, 2025

CVE-2025-13957 Data

JSON