CVE-2025-41663

Critical CVSS: 9.8

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

Vendor

Product

CWE

CWE-78

Yayın Tarihi

2025-06-11 09:15:22

Güncelleme

2025-07-23 09:15:25

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-78 CRITICAL 2025

Referanslar

https://certvde.com/en/advisories/VDE-2025-052