CVE-2025-41683 HIGH

CVE-2025-41683: Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

Vendor: Weidmueller
Product: IE-SR-2TX-WL
Weakness: CWE-78
Published: July 23, 2025
Last update: July 23, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitization of user input in the Main Web Interface (endpoint event_mail_test).

Key dates

02 Disclosure timeline

July 23, 2025: CVE published
July 23, 2025: Record updated