CVE-2025-41744

CRITICAL

Sprecher Automations SPRECON-E - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-41744. PoCs published by gromila7813, sinrinmagic43.

AI-analyzed exploit summary The repository claims to provide an exploit for CVE-2025-41744 but lacks actual exploit code, instead directing users to download a ZIP file from an external source. The README contains vague descriptions and no technical details about the vulnerability or exploitation process.

Description

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.

Exploits (2)

github SUSPICIOUS

by gromila7813 · poc

https://github.com/gromila7813/CVE-2025-41744

View Code ZIP pw:eip

The repository claims to provide an exploit for CVE-2025-41744 but lacks actual exploit code, instead directing users to download a ZIP file from an external source. The README contains vague descriptions and no technical details about the vulnerability or exploitation process.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Sprecher Automation SPRECON-E-C

No auth needed

Prerequisites: Basic networking tools · Python 3.10+ · Administrative privileges

devstral-2 · analyzed Feb 19, 2026 Full analysis →

github SUSPICIOUS

by sinrinmagic43 · poc

https://github.com/sinrinmagic43/CVE-2025-41744-Poc

View Code ZIP pw:eip

The repository claims to provide an exploit for CVE-2025-41744 but lacks actual exploit code, instead directing users to download an external ZIP file. The README contains vague descriptions and no technical details about the vulnerability or exploitation process.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Sprecher Automation SPRECON-E-C

No auth needed

Prerequisites: network access to target · Wireshark · OpenSSL · Python 3.10+

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf

Scores

CVSS v3 9.1

EPSS 0.0028

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1394

Status published

Products (3)

sprecher-automation/sprecon-e-c_firmware

sprecher-automation/sprecon-e-p_firmware

sprecher-automation/sprecon-e-t3_firmware

Published Dec 02, 2025

Tracked Since Feb 18, 2026