Home

Description

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-23 | Updated 2025-07-23 | Assigner CERTVDE




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unaffected

V0.0 (semver) before V1.49
affected

Default status
unaffected

V0.0 (semver) before V1.62
affected

Default status
unaffected

V0.0 (semver) before V1.62
affected

Credits

Reid Wightman of Dragos Inc. finder

References

certvde.com/de/advisories/VDE-2025-052

cve.org (CVE-2025-41687)

nvd.nist.gov (CVE-2025-41687)

Download JSON