Description

A low-privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager, or locally via an API. These calls can cause integer overflows, which may then lead to arbitrary code execution within privileged processes.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-27 | Updated 2026-01-27 | Assigner CERTVDE




HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status
unaffected

0.0.0 (semver) before 2.5.3
affected

Default status
unaffected

0.0.0 (semver) before 1.7.0.0
affected

Default status
unaffected

0.0.0 (semver) before 0.0.5
affected

Credits

Diego Giubertoni from Nozomi Networks (finder)

References

certvde.com/de/advisories/VDE-2025-092

cve.org (CVE-2025-41726)

nvd.nist.gov (CVE-2025-41726)
