CVE-2025-41673 HIGH

CVE-2025-41673: Remote Command Injection in send_sms Action Due to Improper Input Neutralization

Vendor Mb Connect Line

Product mbNET.mini

Weakness CWE-78

Published July 21, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.

Key dates

02Disclosure timeline

July 21, 2025 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41673

Related vulnerabilities

Identifiers

CVE CVE-2025-41673

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Mb Connect Line

Product mbNET.mini

Affected ≥ 0.0.0 and < 2.3.3

Vendor Helmholz

Product REX 100

Affected ≥ 0.0.0 and < 2.3.3

CVE-2025-41673: Remote Command Injection in send_sms Action Due to Improper Input Neutralization

01Description

02Disclosure timeline

03References

04Related CVE