CVE-2025-41648

CRITICAL

IndustrialPI - Auth Bypass


Description

An unauthenticated remote attacker can bypass the login to the web application of the affected devices, making it possible to access and change all available settings of the IndustrialPI.

Scores

CVSS v3 9.8
EPSS 0.0042
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-704
Status published
Products (1)
Pilz/IndustrialPI 4 with IndustrialPI webstatus < 2.4.6
Published Jul 01, 2025
Tracked Since Feb 18, 2026