CVE-2025-41657
Awaiting Analysis
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-06-12

Assigner: CERT VDE

Description
Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker.
Meta Information
Published: 2025-06-10
Last Modified: 2025-06-12
Generated: 2026-05-07
AI Q&A: 2025-06-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-207
Description: The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability arises because certain AUMA Riester actuators, specifically AC.2 controls and PROFOX actuators released between January 1, 2024, and May 9, 2025, were shipped with an active Bluetooth stack despite the configuration option to keep Bluetooth deactivated. This undocumented active Bluetooth allows an unauthenticated adjacent attacker to perform fingerprinting on the device via Bluetooth, potentially identifying or profiling the device without authorization. [1]


How can this vulnerability impact me?

The impact of this vulnerability is limited to potential unwanted fingerprinting of the device by an unauthenticated adjacent attacker through the active Bluetooth interface. This could allow attackers to gather information about the device, which might be used for further targeted attacks or reconnaissance. However, the Bluetooth interface is not required for normal operation and can be deactivated after delivery to mitigate this risk. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by scanning for active Bluetooth interfaces on the affected devices, as the Bluetooth stack is unintentionally active. You can use standard Bluetooth scanning commands such as 'bluetoothctl scan on' on Linux or 'hcitool scan' to detect nearby Bluetooth devices. Additionally, checking the device configuration to see if the Bluetooth module is active despite the 'L90.00 = Bluetooth always deactivated' setting can help identify the issue. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to ensure the Bluetooth interface on the affected actuators is deactivated under normal conditions, as it is not required for normal operation. This can be done by following the standard procedures described in the product manuals to disable Bluetooth. Only activate the Bluetooth interface when necessary, such as for configuration or diagnostic purposes. [1]

