Cyber Resilience

CVE-2025-41666

High

Published: 08 July 2025

Published
08 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0118 79.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41666 is a high-severity Link Following (CWE-59) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 20.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2025-41666 is a link-following vulnerability (CWE-59) that permits replacement of a critical file consumed by a watchdog process. The flaw resides in an unspecified device or embedded component that initializes this watchdog after boot, allowing subsequent file operations to be redirected. It carries a CVSS 3.1 base score of 8.8.

A low-privileged remote attacker who already possesses file-access rights on the target can exploit the issue by substituting the watchdog’s referenced file. Once the watchdog initializes, the attacker obtains read, write, and execute permissions over arbitrary files on the device.

The single referenced advisory (VDE-2025-054) is hosted at certvde.com; no further mitigation details are supplied in the available data. The associated EPSS score remains flat at 0.0118 with no material increase since disclosure.

EU & UK References

Vulnerability details

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability enables low-privileged file replacement in watchdog component leading directly to privilege escalation and full device compromise (CWE-59 symlink/file resolution abuse).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-60710Shared CWE-59
CVE-2026-42834Shared CWE-59
CVE-2025-21373Shared CWE-59
CVE-2026-2627Shared CWE-59
CVE-2025-21419Shared CWE-59
CVE-2025-15319Shared CWE-59
CVE-2025-41667Shared CWE-59
CVE-2026-25906Shared CWE-59
CVE-2026-20610Shared CWE-59
CVE-2025-41668Shared CWE-59

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts access to make changes to critical system components like the watchdog file, preventing low-privileged attackers from replacing it.

prevent

Enforces least privilege to ensure low-privileged remote users lack write access to critical files used by the watchdog process.

detect

Monitors the integrity of critical files such as the watchdog file to identify unauthorized replacements by attackers before initialization.

References