CVE-2025-13957 | THREATINT

Description

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.

PUBLISHED Reserved 2025-12-03 | Published 2026-03-10 | Updated 2026-03-10 | Assigner schneider

HIGH: 7.5CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

Default status

unaffected

v9.0 and prior

affected

References

download.schneider-electric.com/...Name=SEVD-2026-069-05.pdf

cve.org (CVE-2025-13957)

nvd.nist.gov (CVE-2025-13957)

Download JSON