CVE-2025-3705
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-08
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-3705 is an OS Command Injection vulnerability affecting Frauscher Sensortechnik GmbH products FDS101, FDS-SNMP101, and FDS102. A physical attacker with no privileges can gain full control of the affected device by loading a malicious configuration file from a USB drive. This happens because the device improperly neutralizes special elements in OS commands when loading the config file, allowing arbitrary OS commands to be executed. [1]
How can this vulnerability impact me? :
This vulnerability allows an attacker with physical access to the device to execute arbitrary OS commands, leading to full control over the device. This compromises the confidentiality, integrity, and availability of the device, potentially disrupting its normal operation and exposing sensitive data. [1]
What immediate steps should I take to mitigate this vulnerability?
Restrict physical access to the affected devices to authorized personnel only. For FDS102 devices, ensure they are connected to a category 2 network as per EN 50159:2010. If connected to a category 3 network, implement additional protective measures. Update the FDS102 device firmware to version 2.13.3 or later to remediate the vulnerability. [1]