CVE-2025-41675
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-11-06
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbconnectline | mbnet.mini_firmware | to 2.3.3 (exc) |
| mbconnectline | mbnet.mini | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a high privileged remote attacker to execute arbitrary system commands on the affected cloud server by sending specially crafted GET requests. The issue arises because the server's communication script does not properly neutralize special elements used in operating system commands, enabling command injection.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary commands on the system with high privileges, potentially leading to full system compromise. This can result in unauthorized data access, data modification, service disruption, or complete control over the affected server.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update the device firmware to version 2.3.3 or later, as this version addresses multiple security issues including OS command injections. [1]