Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Nov 18, 2025

Possible arbitrary code execution

CVE-2025-41736

Description

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.

Affected products

Connect Inc./Energy Controlling Ewio2 Mv5
Range: 0.0.0
Metz Connect/Energy Controlling Ewio2 M Bmv5
Range: 0.0.0
Metz Connect/Ethernet Io Ewio2 Bmv5
Range: 0.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

certvde.com/de/advisories/VDE-2025-097mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000