Command Injection Vulnerability in Danfoss AK-SM8xxA Series
CVE-2025-41451

8.7HIGH

Key Information:

Vendor: Danfoss
Status: Ak-sm8xxa Series
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-41451?

The Danfoss AK-SM8xxA Series prior to version 4.3.1 is susceptible to a command injection vulnerability due to improper handling of data within the alarm-to-mail configuration fields. This flaw could allow an attacker who has already authenticated to execute arbitrary commands on the affected system, potentially leading to unauthorized actions and data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AK-SM8xxA Series 0 < 4.3.1

References

https://www.danfoss.com/en/service-and-support/downloads/...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Danfoss

What is CVE-2025-41451?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.