← Back

CVE-2025-41734

nvd nist
Published: Nov 18, 2025Modified: Nov 21, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

Affected (3)

Metz Connect
3 products
Ewio2 M Firmware
Ewio2 M Bm Firmware
Ewio2 Bm Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 M Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 M
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 M Bm Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 M Bm
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 Bm Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 Bm
All versions

Related CWEs

CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (1)

Source: info@cert.vde.com
Third Party Advisory

Timeline

No history available yet.