CVE-2025-41648 | THREATINT

Description

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-01 | Updated 2025-07-02 | Assigner CERTVDE

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-704 Incorrect Type Conversion or Cast

Product status

Default status

unaffected

Any version before 2.4.6

affected

References

certvde.com/en/advisories/VDE-2025-039

cve.org (CVE-2025-41648)

nvd.nist.gov (CVE-2025-41648)

Download JSON