CVE-2025-41731 HIGH

CVE-2025-41731: Jumo: Insufficient entropy in PRNG may lead to root access

Vendor Jumo
Product variTRON300
Weakness CWE-338
Published November 10, 2025
Last update November 10, 2025

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability was identified in the password generation algorithm used when accessing the debug interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.

Key dates

02 Disclosure timeline

November 10, 2025 CVE published
November 10, 2025 Record updated