24h | 7d | 30d

CVE-2025-41736

Overview

METZ CONNECT
Energy-Controlling EWIO2-M

18 Nov 2025

Published

18 Nov 2025

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.25%

MITRE

KEV

Description

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.

Statistics

1 Post

Last activity: 18 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-097
METZ CONNECT: Config API – Authentication bypass leads to admin takeover in EWIO2 series

A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional.
#CVE CVE-2025-41734, CVE-2025-41733, CVE-2025-41736, CVE-2025-41735, CVE-2025-41737

https://certvde.com/en/advisories/vde-2025-097/

#CSAF https://metz-connect.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-097.json

0
0
0
18h ago

Showing 41 to 41 of 41 CVEs