← Back

CVE-2025-41737

nvd nist
Published: Nov 18, 2025Modified: Nov 21, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: info@cert.vde.com (Secondary)

Description

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.

Affected (3)

Metz Connect
3 products
Ewio2 M Firmware
Ewio2 M Bm Firmware
Ewio2 Bm Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 M Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 M
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 M Bm Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 M Bm
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ewio2 Bm Firmware
Before 2.2.0
Running on/withPlatform Versions
Metz Connect
Ewio2 Bm
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: info@cert.vde.com
Third Party Advisory

Timeline

No history available yet.