CVE-2025-41648 · CRITICAL 9.8 · EPSS p48.1%

Description

An unauthenticated remote attacker can bypass the login to the web application of the affected devices, making it possible to access and change all available settings of the IndustrialPI.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.70% probability of exploitation · percentile 48.1% · 2026-06-18T12:00:27Z
Published: 2025-07-01
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-704

References

  1. https://certvde.com/en/advisories/VDE-2025-039

Type | Target | Confidence | Tier
Weakness | Incorrect Type Conversion or Cast (cwe-704) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-41684
CVE: CVE-2025-41709
CVE: CVE-2025-41656
CVE: CVE-2025-48466
CVE: CVE-2026-24790
CVE: CVE-2025-41651

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.