CVE-2025-41734 CRITICAL

CVE-2025-41734: Unauthenticated Local File Inclusion in php module

Vendor Metz Connect

Product Energy-Controlling EWIO2-M

Weakness CWE-98 · PHP file inclusion

Published November 18, 2025

Last update November 18, 2025

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

Key dates

November 18, 2025 CVE published

November 18, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-41734

CWE CWE-98

CVSS 9.8 / CRITICAL

Vendor Metz Connect

Product Energy-Controlling EWIO2-M

Affected ≥ 0.0.0 and < 2.2.0

Vendor Metz Connect

Product Energy-Controlling EWIO2-M-BM

Affected ≥ 0.0.0 and < 2.2.0

Vendor Metz Connect

Product Ethernet-IO EWIO2-BM

Affected ≥ 0.0.0 and < 2.2.0