Authentication Bypass Vulnerability in Network Devices by CertVDE
CVE-2025-41652

9.8CRITICAL

Key Information:

Vendor: Weidmueller
Status: Ie-sw-vl05m-5tx; Ie-sw-vl05mt-5tx; Ie-sw-vl08mt-8tx; Ie-sw-vl08mt-5tx-1sc-2scs
Vendor: CVE Published:; 27 May 2025

🔔 Create Weidmueller Vulnerability Alert

What is CVE-2025-41652?

Network devices from CertVDE are susceptible to an authentication bypass stemming from inadequacies in their authorization processes. This vulnerability allows unauthenticated remote attackers to potentially exploit the system through brute-force methods to guess valid user credentials or use MD5 collision techniques to fabricate authentication hashes. The successful exploitation may lead to unauthorized access, putting the integrity and confidentiality of the device at risk.

Affected Version(s)

IE-SW-PL10M-3GT-7TX 0.0.0 < 3.3.34

IE-SW-PL10MT-3GT-7TX 0.0.0 < 3.3.34

IE-SW-PL16M-16TX 0.0.0 < 3.4.32

References

https://certvde.com/en/advisories/VDE-2025-044/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
Apr 16, 2025