FTP Server Vulnerability in Janitza and Weidmüller Products
CVE-2025-41710

6.5MEDIUM

Key Information:

Vendor: Janitza
Status: Umg 96rm-e 24v(5222063); Umg 96rm-e 230v(5222062); Energy Meter 750-230 (2540910000); Energy Meter 750-24 (2540900000)
Vendor: CVE Published:; 10 March 2026

🔔 Create Janitza Vulnerability Alert

What is CVE-2025-41710?

An unauthenticated remote attacker can exploit hardcoded credentials to gain access to an FTP Server, which has previously been activated. This access provides limited read and write privileges, potentially allowing unauthorized modifications or data extraction from the server.

Affected Version(s)

ENERGY METER 750-230 (2540910000) 0.0 <= 3.13

ENERGY METER 750-24 (2540900000) 0.0 <= 3.13

UMG 96RM-E 230V(5222062) 0.0 <= 3.13

References

https://certvde.com/en/advisories/VDE-2025-079/

vendor-advisory

https://certvde.com/en/advisories/VDE-2025-096/

vendor-advisory

https://janitza.csaf-tp.certvde.com/.well-known/csaf/whit...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Deutsche Telekom Security (DT Security)

CVE-2025-41710 Data

.