Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2025-50121

CVE-2025-50121

9.5

Critical

Published:11 Jul 2025

Last updated:17 Jun 2026

Source:cybersecurity@se.com

Deferred

Weakness (CWE)

CWE-78OS Command Injection

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): Low
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.

References

cybersecurity@se.com

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf

af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/6