CVE-2025-50123NVD

Vulnerability Summary

A

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote
command execution by a privileged account when the server is accessed via a console and through
exploitation of the hostname input.

Severity Level

HIGH(7.2)

Published Date

Jul 11, 2025

Last Modified

Jul 15, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-94: Code Injection ↗

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended syntax or behavior.

CVSS v4.0 Base Metrics

Attack VectorPhysical

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

External References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf

Critical Alert

CVE Watchtower

CVE-2025-50123NVD

Vulnerability Summary

External References