Vulnerability Description
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mbconnectline | Mbnet.Mini Firmware | < 2.3.3 |
| Mbconnectline | Mbnet.Mini | - |
Related Weaknesses (CWE)
References
- https://certvde.com/de/advisories/VDE-2025-058Vendor Advisory
- http://seclists.org/fulldisclosure/2025/Jul/38Mailing List
FAQ
What is CVE-2025-41674?
CVE-2025-41674 is a vulnerability with a CVSS score of 7.2 (HIGH). A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
How severe is CVE-2025-41674?
CVE-2025-41674 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-41674?
Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbnet.Mini Firmware, Mbconnectline Mbnet.Mini.