CVE-2025-41699 | THREATINT

Description

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').

PUBLISHED Reserved 2025-04-16 | Published 2025-10-14 | Updated 2025-10-15 | Assigner CERTVDE

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

0.0.0 (semver) before 1.7.4

affected

Default status

unaffected

0.0.0 (semver) before 1.7.4

affected

Default status

unaffected

0.0.0 (semver) before 1.7.4

affected

Default status

unaffected

0.0.0 (semver) before 1.7.4

affected

Credits

Ryo Kato of Panasonic Holdings Corporation finder

References

phoenixcontact.csaf-tp.certvde.com/...2025/vde-2025-074.json

cve.org (CVE-2025-41699)

nvd.nist.gov (CVE-2025-41699)

Download JSON

help @ threatint.eu