File Upload Vulnerability in RUGGEDCOM ROX Products by Siemens
CVE-2025-33023

5.1MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-33023?

A vulnerability exists in various RUGGEDCOM ROX models where file upload restrictions are not enforced via the web interface. This permits authenticated remote attackers with elevated privileges to upload arbitrary files, which can lead to unauthorized access and exploitation of the affected device's capabilities. Organizations using these RUGGEDCOM products should assess their configurations and implement adequate security measures to mitigate potential risks.

Affected Version(s)

RUGGEDCOM ROX MX5000 0

RUGGEDCOM ROX MX5000RE 0

RUGGEDCOM ROX RX1400 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6651...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 15, 2025