Unrated severityNVD Advisory· Published Jul 21, 2025· Updated Nov 3, 2025

Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

CVE-2025-41674

Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

Affected products

Helmholz/REX 100v5
Range: 0.0.0
MB connect line/mbNET.miniv5
Range: 0.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

certvde.com/de/advisories/VDE-2025-058mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000