Vulnerability-Lookup

CVE-2025-41734 (GCVE-0-2025-41734)

Vulnerability from cvelistv5 – Published: 2025-11-18 10:18 – Updated: 2025-11-18 21:00

Title

Unauthenticated Local File Inclusion in php module

Summary

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Assigner

CERTVDE

References

1 reference

URL	Tags
https://certvde.com/de/advisories/VDE-2025-097

Impacted products

3 products

Vendor	Product	Version
METZ CONNECT	Energy-Controlling EWIO2-M	Affected: 0.0.0 , < 2.2.0 (semver)
METZ CONNECT	Energy-Controlling EWIO2-M-BM	Affected: 0.0.0 , < 2.2.0 (semver)
METZ CONNECT	Ethernet-IO EWIO2-BM	Affected: 0.0.0 , < 2.2.0 (semver)

Credits

Noam Moshe from Claroty Team82 Tomer Goldschmidt from Claroty Team82

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T20:59:09.008160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T21:00:09.059Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Energy-Controlling EWIO2-M",
          "vendor": "METZ CONNECT",
          "versions": [
            {
              "lessThan": "2.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Energy-Controlling EWIO2-M-BM",
          "vendor": "METZ CONNECT",
          "versions": [
            {
              "lessThan": "2.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ethernet-IO EWIO2-BM",
          "vendor": "METZ CONNECT",
          "versions": [
            {
              "lessThan": "2.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Noam Moshe from Claroty Team82"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomer Goldschmidt from Claroty Team82"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T10:18:00.774Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-097"
        }
      ],
      "source": {
        "advisory": "VDE-2025-097",
        "defect": [
          "CERT@VDE#641881"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Local File Inclusion in php module",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41734",
    "datePublished": "2025-11-18T10:18:00.774Z",
    "dateReserved": "2025-04-16T11:17:48.319Z",
    "dateUpdated": "2025-11-18T21:00:09.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-41734",
      "date": "2026-05-28",
      "epss": "0.00122",
      "percentile": "0.30912"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41734\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-11-18T11:15:46.947\",\"lastModified\":\"2025-11-21T19:14:59.350\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-98\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:metz-connect:ewio2-m_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"7013D45A-B3DD-4110-A0FF-D0C01B859A37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:metz-connect:ewio2-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"892DDE15-8FE1-4D57-BCB6-5DFAC1F6826C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:metz-connect:ewio2-m-bm_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"05FE24BB-6605-444F-ACFF-D2FD2B70C05E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:metz-connect:ewio2-m-bm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A515C34-A698-47EF-B542-EAA491AE6CBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:metz-connect:ewio2-bm_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"DD9B7323-4C67-4DAC-905F-DDE5D6BD9D80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:metz-connect:ewio2-bm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7E4CCBC-35EE-4683-A039-55ABEE27E809\"}]}]}],\"references\":[{\"url\":\"https://certvde.com/de/advisories/VDE-2025-097\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41734\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-18T20:59:09.008160Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-18T20:59:16.799Z\"}}], \"cna\": {\"title\": \"Unauthenticated Local File Inclusion in php module\", \"source\": {\"defect\": [\"CERT@VDE#641881\"], \"advisory\": \"VDE-2025-097\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Noam Moshe from Claroty Team82\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tomer Goldschmidt from Claroty Team82\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"METZ CONNECT\", \"product\": \"Energy-Controlling EWIO2-M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2.2.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"METZ CONNECT\", \"product\": \"Energy-Controlling EWIO2-M-BM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2.2.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"METZ CONNECT\", \"product\": \"Ethernet-IO EWIO2-BM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2.2.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://certvde.com/de/advisories/VDE-2025-097\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-98\", \"description\": \"CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-11-18T10:18:00.774Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41734\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-18T21:00:09.059Z\", \"dateReserved\": \"2025-04-16T11:17:48.319Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-11-18T10:18:00.774Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-41734

Vulnerability from fkie_nvd - Published: 2025-11-18 11:15 - Updated: 2025-11-21 19:14

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

References

	URL	Tags
	info@cert.vde.com	https://certvde.com/de/advisories/VDE-2025-097	Third Party Advisory

Impacted products

Vendor	Product	Version
metz-connect	ewio2-m_firmware	*
metz-connect	ewio2-m	-
metz-connect	ewio2-m-bm_firmware	*
metz-connect	ewio2-m-bm	-
metz-connect	ewio2-bm_firmware	*
metz-connect	ewio2-bm	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:metz-connect:ewio2-m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7013D45A-B3DD-4110-A0FF-D0C01B859A37",
              "versionEndExcluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:metz-connect:ewio2-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "892DDE15-8FE1-4D57-BCB6-5DFAC1F6826C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:metz-connect:ewio2-m-bm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FE24BB-6605-444F-ACFF-D2FD2B70C05E",
              "versionEndExcluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:metz-connect:ewio2-m-bm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A515C34-A698-47EF-B542-EAA491AE6CBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:metz-connect:ewio2-bm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD9B7323-4C67-4DAC-905F-DDE5D6BD9D80",
              "versionEndExcluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:metz-connect:ewio2-bm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E4CCBC-35EE-4683-A039-55ABEE27E809",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices."
    }
  ],
  "id": "CVE-2025-41734",
  "lastModified": "2025-11-21T19:14:59.350",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-18T11:15:46.947",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://certvde.com/de/advisories/VDE-2025-097"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-98"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    }
  ]
}

GHSA-W68V-CC7M-4XG9

Vulnerability from github – Published: 2025-11-18 12:30 – Updated: 2025-11-18 12:30

Details

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-98"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T11:15:46Z",
    "severity": "CRITICAL"
  },
  "details": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.",
  "id": "GHSA-w68v-cc7m-4xg9",
  "modified": "2025-11-18T12:30:18Z",
  "published": "2025-11-18T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41734"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2025-097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-25-322-05

Vulnerability from csaf_cisa - Published: 2025-11-18 12:00 - Updated: 2025-11-18 12:00

Summary

METZ CONNECT EWIO2

Notes

Summary: A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional.

Impact: Due to these vulnerabilities an unauthenticated attacker can take over control of the device. The data integrity as well as the device availability could no longer be guaranteed.

Remediation: METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.

Product Description: Compact Ethernet I/O controller that bridges field signals to IP networks. It acts as a Modbus TCP or BACnet/IP server (plus Modbus RTU for field devices) and includes a web-based Node‑RED environment for simple logic, visualization, and data logging—ideal for building and industrial automation.

Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Advisory Conversion Disclaimer: This ICSA is a verbatim republication of METZ CONNECT GmbH VDE-2025-097 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact METZ CONNECT GmbH directly for any questions regarding this advisory.

Critical infrastructure sectors: Critical Manufacturing

Countries/areas deployed: Worldwide

Company headquarters location: Germany

Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CVE-2025-41733

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-305 - Authentication Bypass by Primary Weakness

Vendor Fix METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0009		—
Unresolved product id: CSAFPID-0010		—
Unresolved product id: CSAFPID-0011		—

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0006		—
Unresolved product id: CSAFPID-0007		—
Unresolved product id: CSAFPID-0008		—

CVE-2025-41734

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0009		—
Unresolved product id: CSAFPID-0010		—
Unresolved product id: CSAFPID-0011		—

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0006		—
Unresolved product id: CSAFPID-0007		—
Unresolved product id: CSAFPID-0008		—

CVE-2025-41735

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 - Unrestricted Upload of File with Dangerous Type

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0009		—
Unresolved product id: CSAFPID-0010		—
Unresolved product id: CSAFPID-0011		—

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0006		—
Unresolved product id: CSAFPID-0007		—
Unresolved product id: CSAFPID-0008		—

CVE-2025-41736

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-35 - Path Traversal: '.../...//'

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0009		—
Unresolved product id: CSAFPID-0010		—
Unresolved product id: CSAFPID-0011		—

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0006		—
Unresolved product id: CSAFPID-0007		—
Unresolved product id: CSAFPID-0008		—

CVE-2025-41737

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0009		—
Unresolved product id: CSAFPID-0010		—
Unresolved product id: CSAFPID-0011		—

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-0006		—
Unresolved product id: CSAFPID-0007		—
Unresolved product id: CSAFPID-0008		—

References

15 references

URL	Category
https://metz-connect.csaf-tp.certvde.com/.well-kn…	self
https://www.metz-connect.com/home/produkte/c-logl…	external
https://www.metz-connect.com/home/produkte/c-logl…	external
https://certvde.com/en/advisories/VDE-2025-097	self
https://www.metz-connect.com/home/produkte/c-logl…	external
https://certvde.com/de/advisories/vendor/metz-connect/	external
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/news-events/ics-alerts/ics-a…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://www.cisa.gov/sites/default/files/recommen…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/news-events/news/targeted-cy…	external
https://bugs.php.net/bug.php?id=69948	external

Acknowledgments

CERT@VDE certvde.com

Claroty Team82 Noam Moshe Tomer Goldschmidt

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordinating advisory disclosure",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Noam Moshe",
          "Tomer Goldschmidt"
        ],
        "organization": "Claroty Team82",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Due to these vulnerabilities an unauthenticated attacker can take over control of the device. The data integrity as well as the device availability could no longer be guaranteed.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "Compact Ethernet I/O controller that bridges field signals to IP networks. It acts as a Modbus TCP or BACnet/IP server (plus Modbus RTU for field devices) and includes a web-based Node\u2011RED environment for simple logic, visualization, and data logging\u2014ideal for building and industrial automation.",
        "title": "Product Description"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of METZ CONNECT GmbH VDE-2025-097 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact METZ CONNECT GmbH directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2025-097: METZ CONNECT: Config API \u2013 Authentication bypass leads to admin takeover in EWIO2 series - CSAF",
        "url": "https://metz-connect.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-097.json"
      },
      {
        "category": "external",
        "summary": "Energy-Controlling M-Bus No. 110930 ",
        "url": "https://www.metz-connect.com/home/produkte/c-logline/energie-controlling/datenlogger.6a.de.html?id=110930"
      },
      {
        "category": "external",
        "summary": "Energy-Controlling BACnet / Modbus No. 110935 ",
        "url": "https://www.metz-connect.com/home/produkte/c-logline/energie-controlling/datenlogger.6a.de.html?id=110935"
      },
      {
        "category": "self",
        "summary": "VDE-2025-097: METZ CONNECT: Config API \u2013 Authentication bypass leads to admin takeover in EWIO2 series - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-097"
      },
      {
        "category": "external",
        "summary": "Ethernet-IO BACnet / Modbus No. 110904 ",
        "url": "https://www.metz-connect.com/home/produkte/c-logline/i-o-komponenten/ethernet-i-os.69.de.html?id=110904"
      },
      {
        "category": "external",
        "summary": "METZ CONNECT advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/metz-connect/"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-322-05 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-322-05.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-322-05 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-05"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "METZ CONNECT EWIO2",
    "tracking": {
      "aliases": [
        "VDE-2025-097"
      ],
      "current_release_date": "2025-11-18T12:00:00.000000Z",
      "generator": {
        "date": "2025-11-18T20:25:55.862983Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-322-05",
      "initial_release_date": "2025-11-18T12:00:00.000000Z",
      "revision_history": [
        {
          "date": "2025-11-18T12:00:00.000000Z",
          "number": "1.0.0",
          "summary": "Initial revision"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "EWIO2-M",
                    "product": {
                      "name": "Energy-Controlling EWIO2-M",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "110930"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "EWIO2-M-BM",
                    "product": {
                      "name": "Energy-Controlling EWIO2-M-BM",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "110935"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "Energy-Controlling"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "EWIO2-BM",
                    "product": {
                      "name": "Ethernet-IO EWIO2-BM",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "110904 "
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "Ethernet-IO"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.2.0",
                "product": {
                  "name": "Firmware \u003c2.2.0",
                  "product_id": "CSAFPID-0004"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.0",
                "product": {
                  "name": "Firmware 2.2.0",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "METZ CONNECT"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.2.0 installed on Energy-Controlling EWIO2-M",
          "product_id": "CSAFPID-0006"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.2.0 installed on Energy-Controlling EWIO2-M-BM",
          "product_id": "CSAFPID-0007"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.2.0 installed on Ethernet-IO EWIO2-BM",
          "product_id": "CSAFPID-0008"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.2.0 installed on Energy-Controlling EWIO2-M",
          "product_id": "CSAFPID-0009"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.2.0 installed on Energy-Controlling EWIO2-M-BM",
          "product_id": "CSAFPID-0010"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.2.0 installed on Ethernet-IO EWIO2-BM",
          "product_id": "CSAFPID-0011"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0003"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41733",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "notes": [
        {
          "category": "description",
          "text": "The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Possible malfunction credential injection"
    },
    {
      "cve": "CVE-2025-41734",
      "cwe": {
        "id": "CWE-98",
        "name": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Bug #69948 path/domain are not sanitized in setcookie.",
          "url": "https://bugs.php.net/bug.php?id=69948"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Unauthenticated Local File Inclusion in php module"
    },
    {
      "cve": "CVE-2025-41735",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Possible arbitrary file upload"
    },
    {
      "cve": "CVE-2025-41736",
      "cwe": {
        "id": "CWE-35",
        "name": "Path Traversal: \u0027.../...//\u0027"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution. ",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Possible arbitrary code execution"
    },
    {
      "cve": "CVE-2025-41737",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules. ",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "METZ CONNECT has released a new SW-Version 2.2.0. Install version 2.2.0 or later to remediate this vulnerability. Schedule the update at your next maintenance window. No workaround offers equivalent protection.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Improper access control via php endpoint "
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-41734 (GCVE-0-2025-41734)

FKIE_CVE-2025-41734

GHSA-W68V-CC7M-4XG9

ICSA-25-322-05

Tags

Sightings

Nomenclature