CNNVD-202507-1629 Information

CNNVD ID

CNNVD-202507-1629

Related CVE

CVE-2025-6438

• CNNVD Published: 2025-07-11

Description (Chinese)

Schneider Electric EcoStruxure IT Data Center Expert是法国施耐德电气（Schneider Electric）公司的一款可扩展的监控软件，用于收集、组织和分发关键设备信息，提供设备的全面视图。 Schneider Electric EcoStruxure IT Data Center Expert存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致未经授权的文件访问。

Description (English)

Schneider Electric EcoStruxure IT Data Center Expert is an extended surveillance software for Schneider Electric, France, which collects, organizes and distributes information on key equipment and provides a full view of the equipment. Schneider Electric EcoStruxure IT Data Center Expert has a code loophole that stems from inappropriate reference restrictions by an external XML entity and may lead to unauthorized document access.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

SCHUHFRIED

Published

2025-07-11

Last Modified

2026-02-24

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf

Patch

https://www.apc.com/us/en/product-range/61851-ecostruxure-it-data-center-expert/#products