CVE-2025-41682 | THREATINT

Description

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-09-08 | Assigner CERTVDE

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status

unaffected

5.30.2 (semver) before 5.33.3

affected

Default status

unaffected

5.30.2 (semver) before 5.33.3

affected

Default status

unaffected

5.30.2 (semver) before 5.33.3

affected

Default status

unaffected

5.30.2 (semver) before 5.33.3

affected

Credits

Dr. Matthias Kesenheimer by SySS GmbH finder

Sebastian Hamann by SySS GmbH finder

References

certvde.com/de/advisories/VDE-2025-061

cve.org (CVE-2025-41682)

nvd.nist.gov (CVE-2025-41682)

Download JSON

help @ threatint.eu