Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026
CVE-2025-13957
CVE-2025-13957
Description
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
Affected products
1- Range: v9.0 and prior
Patches
Vulnerability mechanics
References
1News mentions
1- ZDI-26-212: Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution VulnerabilityZero Day Initiative · Mar 16, 2026