OS Command Injection Vulnerability in Device Due to USB Configuration File Loading
CVE-2025-3705

6.8MEDIUM

Key Information:

Vendor: Frauscher
Status: Fds102; Fds101; Fds-snmp101
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-3705?

A vulnerability exists that allows a physical attacker with no privileges to take complete control of affected devices. This is due to the improper neutralization of special elements during the OS command injection process when loading configuration files from a USB drive. If exploited, this vulnerability can lead to unauthorized actions and compromise the integrity of the device.

Affected Version(s)

FDS-SNMP101 0.0.0

FDS101 0.0.0

FDS102 0.0.0

References

https://certvde.com/en/advisories/VDE-2025-030

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Apr 16, 2025

Frauscher

What is CVE-2025-3705?

Affected Version(s)

References

CVSS V3.1

Timeline