CVE-2025-41681
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-11-06
Assigner: CERT VDE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbconnectline | mbnet.mini_firmware | up to 2.3.3 (exclusive) |
| mbconnectline | mbnet.mini | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a highly privileged remote attacker to perform persistent cross-site scripting (XSS) attacks by sending specially crafted POST requests. The issue arises because the application does not properly neutralize special elements used to create dynamic content, enabling the attacker to inject malicious scripts that persist and execute in users' browsers.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized script execution in the context of the affected application, potentially allowing attackers to steal sensitive information, hijack user sessions, or perform actions on behalf of legitimate users. Because the attacker requires high privileges and user interaction, the impact is moderate, but it can still compromise the confidentiality and integrity of data.