CVE-2025-41688 HIGH

CVE-2025-41688: High Privilege RCE via LUA Sandbox Escape

Vendor Mb Connect Line
Product mbNET HW1
Weakness CWE-653
Published July 31, 2025
Last update July 31, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.

Key dates

02Disclosure timeline

July 31, 2025 CVE published
July 31, 2025 Record updated