CVE-2025-41689
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-25
Assigner: CERT VDE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wiesemann_and_theis | motherbox | 1.44 |
| wiesemann_and_theis | motherbox | 1.45 |
| wiesemann_and_theis | motherbox | 1.46 |
| wiesemann_and_theis | motherbox | 1.47 |
| wiesemann_and_theis | motherbox | 1.48 |
| wiesemann_and_theis | motherbox | 1.49 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to gain read-only access to the internal database of Wiesemann & Theis GmbH's Motherbox 3 devices (firmware versions 1.44 through 1.48) without needing a password. The device does not require authentication to access stored measurement data from connected sensor devices, which is a Missing Authentication for Critical Function weakness (CWE-306). [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of measurement data stored on the affected device, as attackers can remotely access this data without authentication. While the access is read-only and does not affect data integrity or availability, sensitive measurement information could be exposed, potentially compromising confidentiality. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the firmware of Wiesemann & Theis GmbH's Motherbox 3 devices to version 1.49, which addresses the authentication flaw allowing unauthenticated remote read-only access. [1]