Remote Command Execution Vulnerability in Affected Software by Vendor
CVE-2025-41688

7.2HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet Hw1; Mbnet/mbnet.rokey; Rex 300; Rex 200/250
Vendor: CVE Published:; 31 July 2025

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2025-41688?

A remote attacker with high privileges can exploit a vulnerability to execute arbitrary operating system commands. This is achieved through an undocumented method that allows the attacker to escape the LUA sandbox, potentially compromising the integrity and security of the affected software. Ensuring proper sandboxing and implementing robust security measures is crucial to mitigate such vulnerabilities.

Affected Version(s)

mbNET HW1 0.0.0 <= 5.1.11

mbNET/mbNET.rokey 0.0.0 < 7.3.0

REX 200/250 0.0.0 < 7.3.0

References

https://certvde.com/de/advisories/VDE-2025-065

https://certvde.com/de/advisories/VDE-2025-069

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Marcel Rick-Cen