CVE-2025-41731
HIGH
Jumo variTRON300/500 - Weak Password Generation in Debug Interface
Title source: llm
Description
A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.
Scores
CVSS v3
7.4
EPSS
0.0003
EPSS Percentile
6.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-338
Status
published
Products (3)
Jumo/variTRON300
0.0.0.0 - 9.0.2.5
Jumo/variTRON500
0.0.0.0 - 9.0.2.5
Jumo/variTRON500 touch
0.0.0.0 - 9.0.2.5
Published
Nov 10, 2025
Tracked Since
Feb 18, 2026