Description
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure.
Reserved 2025-02-06 | Published 2025-06-16 | Updated 2025-06-16 | Assigner
CERTVDEHIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 3.10.11 (FW22 Patch 2)
affected
Default status
unaffected
0.0.0 before 03.10.11 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0
affected
Default status
unaffected
0.0.0 before 03.10.11 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
Default status
unaffected
0.0.0 before 04.07.01 (FW29)
affected
Default status
unaffected
0.0.0 before 04.07.01 (70)
affected
References
certvde.com/en/advisories/VDE-2025-018/
cve.org (CVE-2025-25265)
nvd.nist.gov (CVE-2025-25265)
Download JSON
