CVE-2025-41709
Published: 10 March 2026
Summary
CVE-2025-41709 is a critical-severity OS Command Injection (CWE-78) vulnerability in Certvde (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-41709 is a command injection vulnerability (CWE-78) that affects certain devices supporting Modbus-TCP or Modbus-RTU protocols from vendors Janitza and Weidmueller, as documented in CERT VDE advisories VDE-2025-079 and VDE-2025-096. Published on 2026-03-10, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to network accessibility, low attack complexity, and lack of prerequisites.
An unauthenticated remote attacker can exploit the vulnerability by sending specially crafted Modbus-TCP or Modbus-RTU messages over the network. Successful exploitation enables command injection, granting the attacker read and write access on the affected device and potentially leading to complete compromise with high impacts on confidentiality, integrity, and availability.
Mitigation guidance is provided in the referenced advisories, including https://certvde.com/en/advisories/VDE-2025-079/ and its CSAF document for Janitza products, as well as https://certvde.com/en/advisories/VDE-2025-096/ and its CSAF document for Weidmueller products. Security practitioners should consult these sources for vendor-specific patches, workarounds, or configuration recommendations.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208465
Vulnerability details
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote command injection via crafted Modbus-TCP/RTU messages over the network directly enables exploitation of a public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the command injection flaw in Modbus-TCP/RTU handling by applying vendor-specific patches or workarounds from CERT VDE advisories.
Validates and sanitizes specially crafted Modbus-TCP/RTU inputs to prevent command injection exploitation.
Enforces network boundary protections to restrict unauthenticated remote access to the vulnerable Modbus service.