Command Injection Vulnerability in WWH Servers by Vendor
CVE-2025-41663

8.1HIGH

Key Information:

Vendor: Weidmueller
Status: Ie-sr-2tx-wl; Ie-sr-2tx-wl-4g-eu; Ie-sr-2tx-wl-4g-us-v
Vendor: CVE Published:; 11 June 2025

🔔 Create Weidmueller Vulnerability Alert

What is CVE-2025-41663?

An unauthenticated remote attacker positioned to intercept communications can exploit this vulnerability by injecting arbitrary commands into the responses from WWH servers. This enables the attacker to execute commands with elevated privileges, potentially compromising the server's integrity and security. Organizations using these servers are urged to review their security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

IE-SR-2TX-WL 0

IE-SR-2TX-WL-4G-EU 0

IE-SR-2TX-WL-4G-US-V 0

References

https://certvde.com/en/advisories/VDE-2025-052

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

ONEKEY Research Labs