Overview
- METZ CONNECT
- Energy-Controlling EWIO2-M
18 Nov 2025
Published
18 Nov 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.25%
KEV
Description
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
Statistics
- 1 Post
Last activity: 18 hours ago
Fediverse
#OT #Advisory VDE-2025-097
METZ CONNECT: Config API – Authentication bypass leads to admin takeover in EWIO2 series
A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional.
#CVE CVE-2025-41734, CVE-2025-41733, CVE-2025-41736, CVE-2025-41735, CVE-2025-41737
https://certvde.com/en/advisories/vde-2025-097/
#CSAF https://metz-connect.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-097.json