CVE-2025-13957: CWE-798: Use of Hard-coded Credentials in Schneider Electric EcoStruxure™ IT Data Center Expert
CVE-2025-13957 is a high-severity vulnerability in Schneider Electric's EcoStruxure IT Data Center Expert (version 9.0 and prior) involving the use of hard-coded credentials (CWE-798). This flaw can lead to information disclosure and remote code execution when the SOCKS Proxy feature, which is disabled by default, is enabled. Exploitation requires knowledge of administrator and PostgreSQL database credentials and high privileges. The vulnerability does not require user interaction but does require some level of authentication. No known exploits are currently reported in the wild. Organizations using affected versions should prioritize patching or mitigating this issue to prevent potential compromise of critical data center management systems.
AI Analysis
Technical Summary
CVE-2025-13957 is a vulnerability classified under CWE-798, indicating the use of hard-coded credentials within Schneider Electric's EcoStruxure IT Data Center Expert software, versions 9.0 and earlier. The vulnerability arises specifically when the SOCKS Proxy feature is enabled; the feature is disabled by default, which limits exposure. The presence of hard-coded credentials for both administrator access and the PostgreSQL database creates a critical security weakness. An attacker with knowledge of these credentials and high privileges could exploit this flaw to disclose sensitive information and execute arbitrary code remotely on the affected system. The CVSS 4.0 base score is 7.5 (high), reflecting the network attack vector, low attack complexity, and the requirement for privileged authentication. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could gain control over the data center management platform, potentially disrupting operations or exfiltrating sensitive data. No patches are currently linked, and no active exploits have been reported, but the risk remains significant due to the critical nature of the affected product in managing IT infrastructure.
Potential Impact
The vulnerability poses a significant risk to organizations relying on Schneider Electric's EcoStruxure IT Data Center Expert for managing critical data center operations. Exploitation could lead to unauthorized access to sensitive infrastructure management data, manipulation or disruption of data center operations, and potential lateral movement within the network. This could result in operational downtime, data breaches, and loss of control over critical IT assets. Given the product's role in data center management, the impact extends to availability and integrity of IT services, potentially affecting business continuity. Organizations in sectors with high dependence on data center uptime, such as finance, healthcare, telecommunications, and manufacturing, face elevated risks. The requirement for privileged credentials limits exploitation to insiders or attackers who have already compromised credentials, but the presence of hard-coded credentials increases the attack surface and risk of credential leakage.
Mitigation Recommendations
Organizations should immediately verify whether the SOCKS Proxy feature is enabled in their EcoStruxure IT Data Center Expert deployments and disable it if not required, as it is disabled by default and its activation increases exposure. They should audit and rotate any hard-coded or default credentials if possible, and enforce strict credential management policies. Network segmentation should be applied to restrict access to the management interface and PostgreSQL database to trusted administrators only. Monitoring and logging should be enhanced to detect unusual access patterns or attempts to use hard-coded credentials. Since no patches are currently available, organizations should engage with Schneider Electric for updates or workarounds. Additionally, implementing multi-factor authentication (MFA) for administrative access can reduce risk. Regular security assessments and penetration testing focused on this product can help identify exploitation attempts early.
Affected Countries
United States, Germany, France, United Kingdom, China, Japan, South Korea, India, Canada, Australia, Brazil, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: schneider
- Date Reserved: 2025-12-03T14:05:40.047Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69b00fcaea502d3aa84f717e
Added to database: 3/10/2026, 12:34:18 PM
Last enriched: 3/10/2026, 12:48:33 PM
Last updated: 3/10/2026, 1:58:49 PM