Vulnerability Description
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDoc
- http://seclists.org/fulldisclosure/2025/Jul/6
FAQ
What is CVE-2025-50121?
CVE-2025-50121 is a documented vulnerability. A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder...
How severe is CVE-2025-50121?
CVSS scoring is not yet available for CVE-2025-50121. Check NVD for updates.
Is there a patch for CVE-2025-50121?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.