
Description

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-09-08 | Assigner CERTVDE




HIGH: 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

Default status
unaffected

Any version before FW13
affected

References

certvde.com/de/advisories/VDE-2025-048

cve.org (CVE-2025-41664)

nvd.nist.gov (CVE-2025-41664)
