8.8
CVE-2025-41735
- EPSS 0.31%
- Veröffentlicht 18.11.2025 10:18:15
- Zuletzt bearbeitet 21.11.2025 19:15:17
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginA low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Metz-connect ≫ Ewio2-m Firmware Version < 2.2.0
Metz-connect ≫ Ewio2-m-bm Firmware Version < 2.2.0
Metz-connect ≫ Ewio2-bm Firmware Version < 2.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.539 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.