CVE-2025-41675

Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

Description

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.

INFO

Published Date :

2025-07-21T09:29:57.024Z

Last Modified :

2025-11-03T19:59:00.344Z

Source :

CERTVDE

AFFECTED PRODUCTS

The following products are affected by CVE-2025-41675 vulnerability.

Vendors	Products
Helmholz	Rex 100
Mb Connect Line	Mbnet.mini
Mbconnectline	Mbnet.mini Mbnet.mini Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-41675.

URL	Resource
http://seclists.org/fulldisclosure/2025/Jul/38
https://certvde.com/de/advisories/VDE-2025-058

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact