Command Injection Vulnerability in Cloud Server Communication Script by Vendor X
CVE-2025-41675

7.2HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet.mini; Rex 100
Vendor: CVE Published:; 21 July 2025

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2025-41675?

A vulnerability exists in the cloud server communication script that allows a remote attacker possessing high privileges to execute arbitrary system commands. This issue arises due to improper handling of special characters in OS commands triggered by GET requests. Exploiting this gap can lead to unauthorized access and execution of malicious commands on the server, posing a significant threat to the integrity and confidentiality of the system.

Affected Version(s)

mbNET.mini 0.0.0 < 2.3.3

REX 100 0.0.0 < 2.3.3

References

https://certvde.com/de/advisories/VDE-2025-058

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS