CVE-2025-41724 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json

History

Wed, 22 Oct 2025 07:15:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.
Title		Sauter: Crash via Incomplete SOAP Request
Weaknesses		CWE-239
References		https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-10-22T07:03:50.109Z

Updated: 2025-10-22T07:03:50.109Z

Reserved: 2025-04-16T11:17:48.318Z

Link: CVE-2025-41724

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-22T07:15:33.983

Modified: 2025-10-22T07:15:33.983

Link: CVE-2025-41724

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41724", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.318Z", "datePublished": "2025-10-22T07:03:50.109Z", "dateUpdated": "2025-10-22T07:03:50.109Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "modulo 6 devices modu680-AS", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v3.2.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "modulo 6 devices modu660-AS", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v3.2.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "modulo 6 devices modu612-LC", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v3.2.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "EY-modulo 5 modu 5 modu524", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v6.0", "status": "affected", "version": "0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "EY-modulo 5 modu 5 modu525", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v6.0", "status": "affected", "version": "0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "EY-modulo 5 ecos 5 ecos504/505", "vendor": "Sauter", "versions": [{"lessThan": "Firmware v6.0", "status": "affected", "version": "0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again."}], "value": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-239", "description": "CWE-239:Failure to Handle Incomplete Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-10-22T07:03:50.109Z"}, "references": [{"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"}], "source": {"advisory": "VDE-2025-060", "defect": ["CERT@VDE#641818"], "discovery": "UNKNOWN"}, "title": "Sauter: Crash via Incomplete SOAP Request", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}