Remote Code Execution Vulnerability in Application by Fast-Track Methods
CVE-2025-41676

4.9MEDIUM

Key Information:

Vendor: Mb Connect Line
Status: Mbnet.mini; Rex 100
Vendor: CVE Published:; 21 July 2025

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2025-41676?

A vulnerability exists that allows a privileged remote attacker to deplete critical system resources by sending specially crafted POST requests to the send-sms action in rapid succession. This can lead to service disruption, thus potentially impacting availability and performance of the affected product.

Affected Version(s)

mbNET.mini 0.0.0 < 2.3.3

REX 100 0.0.0 < 2.3.3

References

https://certvde.com/de/advisories/VDE-2025-058

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS