Description

An unauthenticated remote attacker can execute arbitrary PHP files and gain full access to the affected devices.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-18 | Updated 2025-11-18 | Assigner CERTVDE




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Product status

Default status
unaffected

0.0.0 (semver) before 2.2.0
affected

Default status
unaffected

0.0.0 (semver) before 2.2.0
affected

Default status
unaffected

0.0.0 (semver) before 2.2.0
affected

Credits

Noam Moshe from Claroty Team82 (finder)

Tomer Goldschmidt from Claroty Team82 (finder)

References

certvde.com/de/advisories/VDE-2025-097

cve.org (CVE-2025-41734)

nvd.nist.gov (CVE-2025-41734)
