CVE-2025-41715
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-24

Last updated on: 2025-09-24

Assigner: CERT VDE

Description
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-24
Last Modified
2025-09-24
Generated
2026-06-16
AI Q&A
2025-09-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41715
EUVD
EUVD-2025-30954
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wago gmbh software_solution_builder
wago gmbh software_device_sphere
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the database for the web application is exposed without requiring authentication. This means that anyone on the internet can access the database without needing to log in or provide credentials, allowing an attacker to gain unauthorized access and potentially compromise the data stored within.

Impact Analysis

The impact of this vulnerability is severe. An unauthenticated remote attacker can access and potentially compromise the database, leading to loss of confidentiality, integrity, and availability of the data. This could result in data breaches, data manipulation, or denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41715. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart