Remote Code Execution Vulnerability in Diagnostic Tool of Affected Product by Vendor
CVE-2025-41674

7.2HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet.mini; Rex 100
Vendor: CVE Published:; 21 July 2025

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2025-41674?

A vulnerability exists that allows a remote attacker with high privileges to execute arbitrary system commands through improperly validated POST requests in the diagnostic action of the affected product. This weakness can potentially lead to severe system compromise if exploited, as it enables attackers to manipulate system operations remotely.

Affected Version(s)

mbNET.mini 0.0.0 < 2.3.3

REX 100 0.0.0 < 2.3.3

References

https://certvde.com/de/advisories/VDE-2025-058

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS