CVE-2025-41687 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Weidmueller	Ie-sr-2tx-wl Ie-sr-2tx-wl-4g-eu Ie-sr-2tx-wl-4g-us-v U-link Management Api

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-052

History

Wed, 23 Jul 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Weidmueller Weidmueller ie-sr-2tx-wl Weidmueller ie-sr-2tx-wl-4g-eu Weidmueller ie-sr-2tx-wl-4g-us-v Weidmueller u-link Management Api
Vendors & Products		Weidmueller Weidmueller ie-sr-2tx-wl Weidmueller ie-sr-2tx-wl-4g-eu Weidmueller ie-sr-2tx-wl-4g-us-v Weidmueller u-link Management Api

Wed, 23 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 23 Jul 2025 08:30:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.
Title		Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API
Weaknesses		CWE-121
References		https://certvde.com/de/advisories/VDE-2025-052
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-07-23T08:23:52.447Z

Updated: 2025-07-23T14:03:59.533Z

Reserved: 2025-04-16T11:17:48.309Z

Link: CVE-2025-41687

Vulnrichment

Updated: 2025-07-23T14:03:56.906Z

NVD

Status : Awaiting Analysis

Published: 2025-07-23T09:15:25.907

Modified: 2025-07-25T15:29:44.523

Link: CVE-2025-41687

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41687", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.309Z", "datePublished": "2025-07-23T08:23:52.447Z", "dateUpdated": "2025-07-23T14:03:59.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IE-SR-2TX-WL", "vendor": "Weidmueller", "versions": [{"lessThan": "V1.49", "status": "affected", "version": "V0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SR-2TX-WL-4G-EU", "vendor": "Weidmueller", "versions": [{"lessThan": "V1.62", "status": "affected", "version": "V0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SR-2TX-WL-4G-US-V", "vendor": "Weidmueller", "versions": [{"lessThan": "V1.62", "status": "affected", "version": "V0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos Inc."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.<br>"}], "value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-23T08:23:52.447Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-052"}], "source": {"advisory": "VDE-2025-052", "defect": ["CERT@VDE#641805"], "discovery": "UNKNOWN"}, "title": "Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T14:03:42.190289Z", "id": "CVE-2025-41687", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T14:03:59.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-23T14:03:42.190289Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T14:03:56.906Z"}}], "cna": {"title": "Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API", "source": {"defect": ["CERT@VDE#641805"], "advisory": "VDE-2025-052", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos Inc."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Weidmueller", "product": "IE-SR-2TX-WL", "versions": [{"status": "affected", "version": "V0.0", "lessThan": "V1.49", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SR-2TX-WL-4G-EU", "versions": [{"status": "affected", "version": "V0.0", "lessThan": "V1.62", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SR-2TX-WL-4G-US-V", "versions": [{"status": "affected", "version": "V0.0", "lessThan": "V1.62", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-052"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-23T08:23:52.447Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41687", "state": "PUBLISHED", "dateUpdated": "2025-07-23T14:03:59.533Z", "dateReserved": "2025-04-16T11:17:48.309Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-07-23T08:23:52.447Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}