CVE-2025-41713

MEDIUM

Switch - SSRF

Title source: llm

Description

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.

References (2)

[Various Sources] https://certvde.com/en/advisories/VDE-2025-083

[Various Sources] https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-083.json

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 32.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (48)

WAGO/CC100 0751-9301 < HW

WAGO/CC100 0751-9301 HW rev. <082100 < 04.08.05

WAGO/CC100 0751-9301/K000-0005 < HW

WAGO/CC100 0751-9301/K000-0005 HW rev. <082100 < 04.08.05

WAGO/CC100 0751-9401 < HW

WAGO/CC100 0751-9401 HW rev. <052500 < 04.08.05

WAGO/CC100 0751-9402 < HW

WAGO/CC100 0751-9402 HW rev. <032800 < 04.08.05

WAGO/CC100 0751-9402/0000-0001 < HW

WAGO/CC100 0751-9402/0000-0001 HW rev. <052800 < 04.08.05

... and 38 more

Published Sep 15, 2025

Tracked Since Feb 18, 2026