Cross-Site Request Forgery Vulnerability in Main Web Interface of Vendor Product
CVE-2025-41661

8.8HIGH

Key Information:

Vendor: Weidmueller
Status: Ie-sr-2tx-wl; Ie-sr-2tx-wl-4g-eu; Ie-sr-2tx-wl-4g-us-v
Vendor: CVE Published:; 11 June 2025

🔔 Create Weidmueller Vulnerability Alert

What is CVE-2025-41661?

A vulnerability in the Main Web Interface allows unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices. This security flaw arises from a lack of proper Cross-Site Request Forgery (CSRF) protection in the endpoint event_mail_test, enabling attackers to initiate unauthorized actions without user consent.

Affected Version(s)

IE-SR-2TX-WL 0

IE-SR-2TX-WL-4G-EU 0

IE-SR-2TX-WL-4G-US-V 0

References

https://certvde.com/en/advisories/VDE-2025-052

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

ONEKEY Research Labs