CVE-2025-41701 | THREATINT

Description

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner CERTVDE

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status

unaffected

Any version before 3.1.4024.67

affected

Credits

Peter Cheng finder

ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc. reporter

References

certvde.com/en/advisories/VDE-2025-075

cve.org (CVE-2025-41701)

nvd.nist.gov (CVE-2025-41701)

Download JSON