Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-41663

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

Published

2025-06-11T09:15:22.700

Last Modified

2025-07-23T09:15:25.413

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

References

https://certvde.com/en/advisories/VDE-2025-052 ([email protected])