CVE-2025-41690 HIGH

CVE-2025-41690: Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions

Vendor Endress+Hauser
Product Promag 10 with HART
Weakness CWE-532 · Sensitive info in logs
Published September 2, 2025
Last update September 2, 2025

CVSS base score

7.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

Key dates

02Disclosure timeline

September 2, 2025 CVE published
September 2, 2025 Record updated