CVE 9.8 CRITICAL

Unauthenticated Local File Inclusion in php module_CVE-2025-41734

November 18, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

AI Analysis

Unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

Basic Information

ID CVE-2025-41734

Source CERTVDE

Published Nov 18, 2025 at 10:18

Affected Product

Vendor METZ CONNECT

Product Energy-Controlling EWIO2-M

Version 0.0.0

Affected Versions METZ CONNECT Energy-Controlling EWIO2-M 0.0.0
METZ CONNECT Energy-Controlling EWIO2-M-BM 0.0.0
METZ CONNECT Ethernet-IO EWIO2-BM 0.0.0

CWE Classification

CWE-98

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor METZ CONNECT

Product Energy-Controlling EWIO2-M, Energy-Controlling EWIO2-M-BM, Ethernet-IO EWIO2-BM

Version 0.0.0

References

certvde.com /de/advisories/VDE-2025-097

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.",
    "published": "2025-11-18T10:18:00.774Z",
    "modified": "2025-11-18T10:18:00.774Z",
    "type": "cve",
    "title": "Unauthenticated Local File Inclusion in php module",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-097",
    "id": "CVE-2025-41734",
    "bulletinFamily": "",
    "cwe": [
        "CWE-98"
    ],
    "cvelist": null,
    "sourceData": "METZ CONNECT Energy-Controlling EWIO2-M 0.0.0\nMETZ CONNECT Energy-Controlling EWIO2-M-BM 0.0.0\nMETZ CONNECT Ethernet-IO EWIO2-BM 0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Energy-Controlling EWIO2-M",
    "version": "0.0.0",
    "vendor": "METZ CONNECT",
    "ai_description": "Unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.",
    "ai_severity": "Critical",
    "ai_vendor": "METZ CONNECT",
    "ai_product": "Energy-Controlling EWIO2-M, Energy-Controlling EWIO2-M-BM, Ethernet-IO EWIO2-BM",
    "ai_version": "0.0.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply