CVE-2025-41418
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-06-30
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41418 is a classic buffer overflow vulnerability in multiple versions of TB-eye network and AHD recorders. It occurs when the CGI process on the device processes a specially crafted request, causing the process to terminate abnormally. This can disrupt the normal functioning of the device. [2]
How can this vulnerability impact me? :
This vulnerability can cause the CGI process on affected TB-eye devices to terminate unexpectedly, potentially leading to denial of service or disruption of device functionality. While it does not allow data theft or code execution directly, it can make the device unavailable or unstable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing all device passwords, including those registered in remote monitoring software, to strong, hard-to-guess passwords. Additionally, update affected devices to the latest patched firmware versions provided by TB-eye Ltd. For older models not listed, migration to successor products is recommended. [1, 2]