CVE-2025-41744 CRITICAL

CVE-2025-41744: Sprecher Automation: SPRECON-E series has static default key material for TLS connections

Vendor Sprecher Automation
Product SPRECON-E-C
Weakness CWE-1394
Published December 2, 2025
Last update December 2, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated