Cyber Resilience

CVE-2025-41668

High

Published: 08 July 2025

Modified: 15 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0118 (79.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-41668 is a high-severity Link Following (CWE-59) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2025-41668 is a link-following vulnerability (CWE-59) affecting the security-profile service on a device. A low-privileged remote attacker who already possesses file access on the target can substitute a critical file or directory used by the service, resulting in full read, write, and execute rights over arbitrary files on the system. The flaw carries a CVSS 3.1 score of 8.8.

An attacker meeting the prerequisite of file access can exploit the issue over the network without user interaction to achieve complete control of file system contents. The EPSS score remains flat at 0.0118 with no material increase since disclosure.

The issue is tracked in the advisory published at https://certvde.com/en/advisories/VDE-2025-054.

Vulnerability details

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

CWE(s)

CWE-59 (Link Following)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CWE-59 symlink/path resolution flaw directly enables local/remote privilege escalation to full file system read/write/execute access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-60710: Shared CWE-59
CVE-2026-42834: Shared CWE-59
CVE-2025-21373: Shared CWE-59
CVE-2026-2627: Shared CWE-59
CVE-2025-21419: Shared CWE-59
CVE-2025-15319: Shared CWE-59
CVE-2025-41667: Shared CWE-59
CVE-2026-25906: Shared CWE-59
CVE-2026-20610: Shared CWE-59
CVE-2025-63945: Shared CWE-59

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Employs least privilege to ensure low-privileged attackers lack write access to critical security-profile files or folders, preventing replacement and escalation.

Prevent: Restricts access to make changes to critical system components like security-profile files, blocking low-privileged replacement exploits.

Detect: Monitors integrity of critical files and folders used by the security-profile service to identify unauthorized replacements by low-privileged attackers.

References