CVE-2025-41726

High CVSS: 8.8

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

Vendor

Product

CWE

CWE-190

Yayın Tarihi

2026-01-27 12:15:57

Güncelleme

2026-01-27 14:59:34

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-190 HIGH 2026

Referanslar

https://certvde.com/de/advisories/VDE-2025-092