Home

Description

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-27 | Updated 2026-01-27 | Assigner CERTVDE




MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status
unaffected

0.0.0 (semver) before 2.5.3
affected

Default status
unaffected

0.0.0 (semver) before 1.7.0.0
affected

Default status
unaffected

0.0.0 (semver) before 0.0.5
affected

Credits

Diego Giubertoni from Nozomi Networks finder

References

certvde.com/de/advisories/VDE-2025-092

cve.org (CVE-2025-41728)

nvd.nist.gov (CVE-2025-41728)

Download JSON