
Description

A high-privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password-protected self-signed certificate.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-22 | Updated 2025-10-22 | Assigner CERTVDE




LOW: 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)

Problem types

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0.0 (semver) before Firmware v3.2.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Default status
unaffected

0.0 (semver) before Firmware v6.0
affected

Credits

Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T (finder)

References

sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json

cve.org (CVE-2025-41721)

nvd.nist.gov (CVE-2025-41721)
