Command Injection Vulnerability in Danfoss AK-SM8xxA Series
CVE-2025-41451

8.7 HIGH

Key Information:

Vendor: Danfoss

CVE Published: 22 August 2025

What is CVE-2025-41451?

The Danfoss AK-SM8xxA Series prior to version 4.3.1 is susceptible to a command injection vulnerability due to improper handling of data within the alarm-to-mail configuration fields. This flaw could allow an attacker who has already authenticated to execute arbitrary commands on the affected system, potentially leading to unauthorized actions and data exposure.

Affected Version(s)

AK-SM8xxA Series 0 < 4.3.1

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
