Command Injection Vulnerability in WWH Servers by Vendor
CVE-2025-41663

9.8CRITICAL

Key Information:

Vendor: Weidmueller
Status: Ie-sr-2tx-wl; Ie-sr-2tx-wl-4g-eu; Ie-sr-2tx-wl-4g-us-v
Vendor: CVE Published:; 11 June 2025

🔔 Create Weidmueller Vulnerability Alert

What is CVE-2025-41663?

An unauthenticated remote attacker positioned to intercept communications can exploit this vulnerability by injecting arbitrary commands into the responses from WWH servers. This enables the attacker to execute commands with elevated privileges, potentially compromising the server's integrity and security. Organizations using these servers are urged to review their security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

IE-SR-2TX-WL 0

IE-SR-2TX-WL-4G-EU 0

IE-SR-2TX-WL-4G-US-V 0

References

https://certvde.com/en/advisories/VDE-2025-052

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

ONEKEY Research Labs

JSON