CVE-2025-41451

Vulnerability Description

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.

Related Weaknesses (CWE)

CWE-77

References

https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/

FAQ

What is CVE-2025-41451?

CVE-2025-41451 is a documented vulnerability. Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenti...

How severe is CVE-2025-41451?

CVSS scoring is not yet available for CVE-2025-41451. Check NVD for updates.

Is there a patch for CVE-2025-41451?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.