CVE-2025-41690

HIGH

Bluetooth Device - Info Disclosure

Title source: llm

Description

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

References (1)

[Various Sources] https://certvde.com/en/advisories/VDE-2025-068

Scores

CVSS v3 7.4

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-532

Status published

Products (6)

Endress+Hauser/Promag 10 with HART < 01.00.06

Endress+Hauser/Promag 10 with IO-Link < 01.00.02

Endress+Hauser/Promag 10 with Modbus < 01.00.06

Endress+Hauser/Promass 10 with HART < 01.00.06

Endress+Hauser/Promass 10 with IO-Link < 01.00.02

Endress+Hauser/Promass 10 with Modbus < 01.00.06

Published Sep 02, 2025

Tracked Since Feb 18, 2026