CVE-2025-41720
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: CERT VDE
Description
Description
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sauter | modulo_6 | * |
| sauter | case_suite | 5.2_sr5 |
| sauter | modulo_6 | modu612-lc |
| sauter | modulo_6 | modu680-as |
| sauter | modulo_6 | modu660-as |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-646 | The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a low privileged remote attacker to upload arbitrary data disguised as a PNG file to the affected device through the webserver API because the system only verifies the file extension, not the actual file content.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized data uploads which may be used to inject malicious content or disrupt the normal operation of the device. Although it does not directly impact confidentiality or availability, it can affect the integrity of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70