CVE-2025-41742 CRITICAL

CVE-2025-41742: Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components

Vendor Sprecher Automation
Product SPRECON-E-C
Weakness CWE-1394
Published December 2, 2025
Last update December 2, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated