CVE-2025-41737 HIGH

CVE-2025-41737: Improper access control via php endpoint

Vendor Metz Connect

Product Energy-Controlling EWIO2-M

Weakness CWE-284

Published November 18, 2025

Last update November 18, 2025

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.

Key dates

November 18, 2025 CVE published

November 18, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-41737

CWE CWE-284

CVSS 7.5 / HIGH

Vendor Metz Connect

Product Energy-Controlling EWIO2-M

Affected ≥ 0.0.0 and < 2.2.0

Vendor Metz Connect

Product Energy-Controlling EWIO2-M-BM

Affected ≥ 0.0.0 and < 2.2.0

Vendor Metz Connect

Product Ethernet-IO EWIO2-BM

Affected ≥ 0.0.0 and < 2.2.0