Critical severity9.8NVD Advisory· Published Jun 11, 2025· Updated Apr 15, 2026
CVE-2025-41663
CVE-2025-41663
Description
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.