Hardcoded Credentials in Schneider Proxy Enable Remote Code Execution
CVE-2025-13957 Published on March 10, 2026

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when the SOCKS Proxy is enabled and the administrator credentials and PostgreSQL database credentials are known. The SOCKS Proxy is disabled by default.

NVD

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Products Associated with CVE-2025-13957

Schneider Electric Data Center Expert
Schneider Electric Struxureware Data Center Expert

Affected Versions

Schneider Electric EcoStruxure™ IT Data Center Expert (formerly known as StruxureWare Data Center Expert) versions v9.0 and prior are affected by CVE-2025-13957.