CVE-2025-41724 HIGH

CVE-2025-41724: Sauter: Crash via Incomplete SOAP Request

Vendor Sauter

Product modulo 6 devices modu680-AS

Weakness CWE-239

Published October 22, 2025

Last update October 22, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.

Key dates

02Disclosure timeline

October 22, 2025 CVE published

October 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41724

Related vulnerabilities

Identifiers

CVE CVE-2025-41724

CWE CWE-239

CVSS 7.5 / HIGH

Affected versions

Vendor Sauter

Product modulo 6 devices modu680-AS

Affected ≥ 0.0.0 and < Firmware v3.2.0

Vendor Sauter

Product modulo 6 devices modu660-AS

Affected ≥ 0.0.0 and < Firmware v3.2.0

Vendor Sauter

Product modulo 6 devices modu612-LC

Affected ≥ 0.0.0 and < Firmware v3.2.0

Vendor Sauter

Product EY-modulo 5 modu 5 modu524

Affected ≥ 0.0 and < Firmware v6.0

Vendor Sauter

Product EY-modulo 5 modu 5 modu525

Affected ≥ 0.0 and < Firmware v6.0

Vendor Sauter

Product EY-modulo 5 ecos 5 ecos504/505

Affected ≥ 0.0 and < Firmware v6.0

CVE-2025-41724: Sauter: Crash via Incomplete SOAP Request

01Description

02Disclosure timeline

03References

04Related CVE