Remote Command Injection in diagnostic Action Due to Improper Input...

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

Basic Information

ID CVE-2025-41674

Source CERTVDE

Published Jul 21, 2025 at 09:29

Modified Jul 21, 2025 at 17:05

Affected Product

Vendor MB connect line

Product mbNET.mini

Version 0.0.0

Affected Versions MB connect line mbNET.mini 0.0.0
Helmholz REX 100 0.0.0

CWE Classification

CWE-78

References

certvde.com /de/advisories/VDE-2025-058

{
    "lastseen": "",
    "description": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.",
    "published": "2025-07-21T09:29:43.181Z",
    "modified": "2025-07-21T17:05:33.656Z",
    "type": "cve",
    "title": "Remote Command Injection in diagnostic Action Due to Improper Input Neutralization",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-058",
    "id": "CVE-2025-41674",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "MB connect line mbNET.mini 0.0.0\nHelmholz REX 100 0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mbNET.mini",
    "version": "0.0.0",
    "vendor": "MB connect line",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Remote Command Injection in diagnostic Action Due to Improper Input Neutralization_CVE-2025-41674