Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

Basic Information

ID CVE-2025-41683

Source CERTVDE

Published Jul 23, 2025 at 08:22

Modified Jul 23, 2025 at 14:08

Affected Product

Vendor Weidmueller

Product IE-SR-2TX-WL

Version V0.0

Affected Versions Weidmueller IE-SR-2TX-WL V0.0
Weidmueller IE-SR-2TX-WL-4G-EU V0.0
Weidmueller IE-SR-2TX-WL-4G-US-V V0.0

CWE Classification

CWE-78

References

certvde.com /de/advisories/VDE-2025-052

{
    "lastseen": "",
    "description": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).",
    "published": "2025-07-23T08:22:48.380Z",
    "modified": "2025-07-23T14:08:32.342Z",
    "type": "cve",
    "title": "Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-052",
    "id": "CVE-2025-41683",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Weidmueller IE-SR-2TX-WL V0.0\nWeidmueller IE-SR-2TX-WL-4G-EU V0.0\nWeidmueller IE-SR-2TX-WL-4G-US-V V0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IE-SR-2TX-WL",
    "version": "V0.0",
    "vendor": "Weidmueller",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint_CVE-2025-41683