CVE-2025-41718 - Vulnerability Details - OpenCVE

A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json

History

Tue, 14 Oct 2025 08:45:00 +0000

Type	Values Removed	Values Added
Description		A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
Title		Murrelektronik: Unprotected Transport of Credentials
Weaknesses		CWE-319
References		https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-10-14T08:25:52.136Z

Updated: 2025-10-14T18:42:14.852Z

Reserved: 2025-04-16T11:17:48.313Z

Link: CVE-2025-41718

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-14T09:15:33.040

Modified: 2025-10-14T09:15:33.040

Link: CVE-2025-41718

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41718", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.313Z", "datePublished": "2025-10-14T08:25:52.136Z", "dateUpdated": "2025-10-14T18:42:14.852Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Firmware Impact67 Pro 54630", "vendor": "Murrelektronik", "versions": [{"lessThanOrEqual": "1.08.01", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Firmware Impact67 Pro 54620", "vendor": "Murrelektronik", "versions": [{"lessThanOrEqual": "1.08.01", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Firmware Impact67 Pro 54631", "vendor": "Murrelektronik", "versions": [{"lessThanOrEqual": "1.08.05", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Firmware Impact67 Pro 54632", "vendor": "Murrelektronik", "versions": [{"lessThanOrEqual": "1.08.01", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abhishek Pandey from Payatu Security Consulting Pvt. Ltd."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI."}], "value": "A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-10-14T08:25:52.136Z"}, "references": [{"url": "https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json"}], "source": {"advisory": "VDE-2025-091", "defect": ["CERT@VDE#641864"], "discovery": "UNKNOWN"}, "title": "Murrelektronik: Unprotected Transport of Credentials", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T18:42:07.442943Z", "id": "CVE-2025-41718", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:42:14.852Z"}}]}}