Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

CERT@VDE

#270ccfa6-a436-4e77-922e-914ec3a9685c
PolicyEmail

Short Name

CERTVDE

Program Role

Root || CNA

Root

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

Top Level Root

Cybersecurity and Infrastructure Security Agency (CISA)

Security Advisories

View Advisories

Domain

cert.vde.com

Country

Germany

Scope

Root Scope: Organizations that are cooperative partners of CERT@VDE.
CNA Scope: Products of CERT@VDE cooperative partners and brands listed at https://cert.vde.com/en/cna/. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors unless covered by the scope of another CNA. Partners and brands include but are not limited to: ADS-TEC Industrial IT, Auma, sipos, Beckhoff, Bender, Bucher Automation, CLAAS, 365FarmNet, Satinfo, Carlo Gavazzi Controls, Codesys, DURAG GROUP, Draeger, Endress+Hauser, Euchner, Festo Didactic, Festo, Frauscher, GEA, HIMA, Harman, Helmholz, Hilscher, K4 DIGITAL, KEB, Krohne, Kuka, Lenze, BHN Services, MB connect line, Miele, Murrelektronik, PHOENIX CONTACT, Etherwan Systems, Innominate, Pepperl+Fuchs, Pilz, SMA, SWARCO, Trumpf, TRUMPF Laser, TRUMPF Werkzeugmaschinen, VARTA Storage, VEGA, WAGO, M&M Software, Weidmueller, Welotec, Wiesemann & Theis, ifm.
Reported CVEsVendorsProductsReports
563Vulnerabilities found
CVE-2025-41702
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-26 Aug, 2025 | 06:10
Updated-26 Aug, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.

Action-Not Available
Vendor-Welotec
Product-EG400Mk2-D11101-000101EG500Mk2-C11001-000101EG503L_4GBEG503WEG802W_i7_512GB_w/o DinRailEG500Mk2-A21101-000101EG500Mk2-A11001-000201EG500Mk2-A11101-000101EG503L-GEG603L Mk2EG603W Mk2EG500Mk2-A11001-000101EG602LEG804W ProEG503LEG500Mk2-B11101-000101EG500Mk2-C11101-000101EG802WEG503W_4GBEG500Mk2-B11001-000101EG602WEG500Mk2-A12011-000101EG400Mk2-D11001-000101EG804WEG802W_i7_512GB_DinRail
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-41685
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 08:10
Updated-19 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.

Action-Not Available
Vendor-SMA
Product-ennexos.sunnyportal.com
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-41689
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.47%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 08:07
Updated-25 Aug, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access

An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.

Action-Not Available
Vendor-Wiesemann & Theis
Product-Motherbox 3
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-41686
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 07:37
Updated-12 Aug, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper File Permissions Allow Local Privilege Escalation

A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-DaUM
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-2810
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.33%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 08:06
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key

A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.

Action-Not Available
Vendor-Draeger
Product-Draeger ICMHelper
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-41698
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 08:06
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Draeger: ICMHelper is vulnerable to a privilege escalation due too missing authorization

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.

Action-Not Available
Vendor-Draeger
Product-Draeger ICMHelper
CWE ID-CWE-862
Missing Authorization
CVE-2025-41691
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.55%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLControl for PLCnext SLControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl Win (SL)Control for IOT2000 SLControl for Raspberry Pi SLControl RTE (for Beckhoff CX) SLVirtual Control SLHMI (SL)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41659
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.10%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control PKI Exposure Enables Remote Certificate Access

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for PLCnext SLControl for Linux ARM SLControl for PFC100 SLControl Win (SL)Control RTE (for Beckhoff CX) SLControl for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLRuntime ToolkitControl for emPC-A/iMX6 SLControl for IOT2000 SLControl for Raspberry Pi SLVirtual Control SLHMI (SL)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-41658
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.84%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:03
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Toolkit Exposes Sensitive Files via Default Permissions

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLRuntime ToolkitControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl for IOT2000 SLControl for PLCnext SLControl for Raspberry Pi SLVirtual Control SL
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-2813
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-31 Jul, 2025 | 10:08
Updated-31 Jul, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP Service DoS Vulnerability

An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-AXL F BK ETH XCAXL F BK PN TPS XCIL ETH BK DI8 DO4 2TX-PACAXL F BK ETHAXL F BK EIP EFAXL F BK PN TPSAXL F BK EIPIL EIP BK DI8 DO4 2TX-PACAXL F BK PN XC (discontinued)AXL F BK PN (discontinued)AXL F BK EIP XCIL PN BK-PACIL ETH BK-PACAXL F BK SAS (discontinued)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-41688
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-31 Jul, 2025 | 10:02
Updated-31 Jul, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
High Privilege RCE via LUA Sandbox Escape

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.

Action-Not Available
Vendor-HelmholzMB connect line
Product-REX 200/250mbNET HW1mbNET/mbNET.rokeyREX 300
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CVE-2025-41687
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.70%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 08:23
Updated-23 Jul, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-41684
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.09%
||
7 Day CHG+0.03%
Published-23 Jul, 2025 | 08:23
Updated-23 Jul, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41683
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.09%
||
7 Day CHG+0.03%
Published-23 Jul, 2025 | 08:22
Updated-23 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41681
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 11.96%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 09:31
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41679
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.41%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:31
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-41678
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.80%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection via POST Requests Allowing Configuration Database Manipulation

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41677
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.79%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource Exhaustion via POST Requests to send-mail Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-41676
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.79%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource Exhaustion via POST Requests to send-sms Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-41675
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:29
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41674
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:29
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41673
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:29
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41668
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:04
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: File access due to the replacement of a critical file used by the service security-profile

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-AXC F 1152AXC F 2152BPC 9102SAXC F 3152RFC 4072S
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-41667
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:03
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-AXC F 1152AXC F 2152BPC 9102SAXC F 3152RFC 4072S
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-41666
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:03
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: File access due to the replacement of a critical file used by the watchdog

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-AXC F 1152AXC F 2152BPC 9102SAXC F 3152RFC 4072S
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-41665
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:03
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: DoS of the PLC due to incorrect default permissions possible

An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-AXC F 1152AXC F 2152BPC 9102SAXC F 3152RFC 4072S
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-25271
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:01
Updated-22 Jul, 2025 | 07:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OCPP Backend Configuration via Insecure Defaults

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3100CHARX SEC-3150CHARX SEC-3000CHARX SEC-3050
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-25270
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.49%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution via Unauthenticated Configuration Manipulation

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2025-25269
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.03%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation via Unauthenticated Command Injection

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-25268
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.44%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Configuration Access via Exposed API Endpoint

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-24006
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation via Insecure SSH Permissions

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-24005
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.03% / 4.91%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 06:59
Updated-11 Jul, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation via Vulnerable SSH Script

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24004
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.2||MEDIUM
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 06:59
Updated-11 Jul, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
USB-C Buffer Overflow via Display Interface in EV Charging Stations

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24003
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.2||HIGH
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 06:59
Updated-11 Jul, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24002
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.69%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 06:58
Updated-11 Jul, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MQTT DoS Vulnerability in German EV Charging Stations

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-20
Improper Input Validation
CVE-2025-3705
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 09:20
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection via USB Config Load

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.

Action-Not Available
Vendor-Frauscher
Product-FDS101FDS102FDS-SNMP101
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-3626
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 09:19
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection via Config Upload in WebUI

A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI.

Action-Not Available
Vendor-Frauscher
Product-FDS102
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41672
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-10||CRITICAL
EPSS-0.07% / 22.40%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 06:17
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Vulnerability in WAGO Device Sphere

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.

Action-Not Available
Vendor-WAGO
Product-Wago Device Sphere
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-41648
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 08:10
Updated-03 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pilz: Authentication Bypass in IndustrialPI Webstatus

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

Action-Not Available
Vendor-Pilz
Product-IndustrialPI 4 with IndustrialPI webstatus
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2025-41656
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-10||CRITICAL
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 08:10
Updated-03 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pilz: Missing Authentication in Node-RED integration

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

Action-Not Available
Vendor-Pilz
Product-IndustrialPI 4 with Firmware Bullseye
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8419
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.45%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 09:39
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ifm: Improper Access Control vulnerability in AC4xxS devices

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Action-Not Available
Vendor-ifm electronic GmbH
Product-ifm Smart PLC AC4xxS Firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-41647
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 09:40
Updated-26 Jun, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface

A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.

Action-Not Available
Vendor-Lenze
Product-PLC Designer V4
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-3092
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.66%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 08:14
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.

Action-Not Available
Vendor-HelmholzMB connect line
Product-myREX24myREX24.virtualmymbCONNECT24mbCONNECT24
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2025-3091
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.67%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 08:10
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbCONNECT24myREX24.virtualmymbCONNECT24myREX24
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-3090
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.2||HIGH
EPSS-0.19% / 41.44%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 08:05
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbCONNECT24myREX24.virtualmymbCONNECT24myREX24
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-25265
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 09:46
Updated-04 Jul, 2025 | 07:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated File Read via Web Interface

A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure.

Action-Not Available
Vendor-WAGO
Product-PFC100 G2 0750-811x-xxxx-xxxxTP600 0762-620x/8000-000xPFC200 G1 750-820x-xxx-xxxTP600 0762-630x/8000-000xPFC100 G1 0750-810x/xxxx-xxxxWAGO CC100 0751-9x01PFC200 G2 750-821x-xxx-xxxTP600 0762-520x/8000-000xTP600 0762-530x/8000-000xTP600 0762-420x/8000-000xTP600 0762-430x/8000-000xEdge Controller 0752-8303/8000-0002CC100 0751-9x01
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-25264
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.44%
||
7 Day CHG+0.02%
Published-16 Jun, 2025 | 09:45
Updated-04 Jul, 2025 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Overly Permissive CORS Policy in WAGO Device Manager

An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

Action-Not Available
Vendor-WAGO
Product-PFC100 G2 0750-811x-xxxx-xxxxTP600 0762-620x/8000-000xPFC200 G1 750-820x-xxx-xxxTP600 0762-630x/8000-000xPFC100 G1 0750-810x/xxxx-xxxxPFC200 G2 750-821x-xxx-xxxTP600 0762-520x/8000-000xTP600 0762-530x/8000-000xTP600 0762-420x/8000-000xTP600 0762-430x/8000-000xEdge Controller 0752-8303/8000-0002CC100 0751-9x01
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2025-41663
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 08:15
Updated-24 Jul, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Security routers IE-SR-2TX are affected by Command Injection

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WLIE-SR-2TX-WL-4G-US-VIE-SR-2TX-WL-4G-EU
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41661
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.17%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 08:13
Updated-24 Jul, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Security routers IE-SR-2TX are affected by CSRF

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WLIE-SR-2TX-WL-4G-US-VIE-SR-2TX-WL-4G-EU
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-41662
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-Not Assigned
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 08:08
Updated-23 Jul, 2025 | 08:15
Rejected-23 Jul, 2025 | 07:53
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn. Instead, a new CVE CVE-2025-41687 has been reserved to better reflect the updated analysis.

Action-Not Available
Vendor-
Product-
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next