SQL Injection Vulnerability in Configuration Database for Vendor Product
CVE-2025-41678
6.5 MEDIUM
What is CVE-2025-41678?
A vulnerability exists that allows a remote attacker with high privileges to manipulate the configuration database through crafted POST requests. This issue arises from improper handling of special elements in SQL statements, making it possible for attackers to disrupt the normal functioning of the affected products and potentially gain unauthorized access to sensitive configuration data.
Affected Version(s)
mbNET.mini 0.0.0 < 2.3.3
REX 100 0.0.0 < 2.3.3
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS