CVE-2025-41668
Published: 08 July 2025
Summary
CVE-2025-41668 is a high-severity Link Following (CWE-59) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2025-41668 is a link-following vulnerability (CWE-59) affecting the security-profile service on a device. A low-privileged remote attacker who already possesses file access on the target can substitute a critical file or directory used by the service, resulting in full read, write, and execute rights over arbitrary files on the system. The flaw carries a CVSS 3.1 score of 8.8.
An attacker meeting the prerequisite of file access can exploit the issue over the network without user interaction to achieve complete control of file system contents. The EPSS score remains flat at 0.0118 with no material increase since disclosure.
The issue is tracked in the advisory published at https://certvde.com/en/advisories/VDE-2025-054.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20396
Vulnerability details
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
- CWE(s): CWE-59
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CWE-59 symlink/path resolution flaw directly enables local or remote privilege escalation to full file system read, write and execute access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Employs least privilege to ensure low-privileged attackers lack write access to critical security-profile files or folders, preventing replacement and escalation.
- Restricts access to make changes to critical system components like security-profile files, blocking low-privileged replacement exploits.
- Monitors integrity of critical files and folders used by the security-profile to identify unauthorized replacements by low-privileged attackers.