Credential Exposure in Charge Controller by XYZ Vendor
CVE-2025-41682
8.8 HIGH
What is CVE-2025-41682?
An authenticated, low-privileged attacker can exploit this vulnerability to gain access to sensitive credentials stored within the charge controller, including the manufacturer password. Exposure of the manufacturer password poses significant security risks because it enables potential unauthorized actions against affected systems. Users should understand the possible implications and take the necessary measures to secure their devices.
Affected Version(s)
CC612 5.30.2 < 5.33.3
CC613 5.30.2 < 5.33.3
ICC13xx 5.30.2 < 5.33.3
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dr. Matthias Kesenheimer by SySS GmbH
Sebastian Hamann by SySS GmbH