CVE-2025-41452 | THREATINT

Description

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions

PUBLISHED Reserved 2025-04-16 | Published 2025-08-22 | Updated 2025-08-22 | Assigner Danfoss

MEDIUM: 6.8CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Problem types

CWE-15: External Control of System or Configuration Setting

Product status

Default status

unaffected

Any version before 4.3.1

affected

References

www.danfoss.com/...nloads/dcs/adap-kool-software/ak-sm-800a/

cve.org (CVE-2025-41452)

nvd.nist.gov (CVE-2025-41452)

Download JSON