CVE-2025-41690 — HIGH (7.4)

Vulnerability Description

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-532

References

https://certvde.com/en/advisories/VDE-2025-068

FAQ

What is CVE-2025-41690?

CVE-2025-41690 is a vulnerability with a CVSS score of 7.4 (HIGH). A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator ...

How severe is CVE-2025-41690?

CVE-2025-41690 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41690?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.