CVE 8.8 HIGH

Possible arbitrary file upload_CVE-2025-41735

November 18, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

AI Analysis

Arbitrary file upload vulnerability due to missing file check, allowing remote code execution

Basic Information

ID CVE-2025-41735

Source CERTVDE

Published Nov 18, 2025 at 10:18

Affected Product

Vendor METZ CONNECT

Product Energy-Controlling EWIO2-M

Version 0.0.0

Affected Versions METZ CONNECT Energy-Controlling EWIO2-M 0.0.0
METZ CONNECT Energy-Controlling EWIO2-M-BM 0.0.0
METZ CONNECT Ethernet-IO EWIO2-BM 0.0.0

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor METZ CONNECT

Product Energy-Controlling EWIO2-M, Energy-Controlling EWIO2-M-BM, Ethernet-IO EWIO2-BM

Version 0.0.0

References

certvde.com /de/advisories/VDE-2025-097

{
    "lastseen": "",
    "description": "A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.",
    "published": "2025-11-18T10:18:15.146Z",
    "modified": "2025-11-18T10:18:15.146Z",
    "type": "cve",
    "title": "Possible arbitrary file upload",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-097",
    "id": "CVE-2025-41735",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "METZ CONNECT Energy-Controlling EWIO2-M 0.0.0\nMETZ CONNECT Energy-Controlling EWIO2-M-BM 0.0.0\nMETZ CONNECT Ethernet-IO EWIO2-BM 0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Energy-Controlling EWIO2-M",
    "version": "0.0.0",
    "vendor": "METZ CONNECT",
    "ai_description": "Arbitrary file upload vulnerability due to missing file check, allowing remote code execution",
    "ai_severity": "High",
    "ai_vendor": "METZ CONNECT",
    "ai_product": "Energy-Controlling EWIO2-M, Energy-Controlling EWIO2-M-BM, Ethernet-IO EWIO2-BM",
    "ai_version": "0.0.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply