CVE-2025-41452 MEDIUM

CVE-2025-41452: Post auth nginx configuration injection in Danfoss AK-SM8xxA Series

Vendor Danfoss

Product AK-SM8xxA Series

Weakness CWE-15

Published August 22, 2025

Last update August 22, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

Description

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions

Key dates

Disclosure timeline

August 22, 2025 CVE published

August 22, 2025 Record updated