CVE-2025-41731
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-12
Assigner: CERT VDE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jumo | varitron500 | * |
| jumo | varitron500_touch | * |
| jumo | varitron300 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the password generation algorithm used for the debug interface. An unauthenticated local attacker who knows the timeframe in which passwords are generated could potentially brute force the password quickly and gain root access to the device if the debug interface remains enabled.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an unauthenticated local attacker to gain root access to the affected device, potentially leading to full control over the device, unauthorized access to sensitive data, and disruption of device operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately disable the debug interface if it is enabled. Restrict local access to the device to trusted users only. Monitor and limit attempts to access the debug interface to prevent brute force attacks.