CVE-2025-41719
Published: 22 October 2025
Summary
CVE-2025-41719 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Requires validation of information inputs to the webserver user storage, directly preventing the corruption from unsupported characters described by CWE-1286.
- SI-2 (Flaw Remediation): Mandates identification, reporting, and timely remediation of security flaws such as this input validation vulnerability, including application of vendor patches.
- Account management: Provides account management functions that protect against unauthorized deletion of configured users and improper creation of default administrator accounts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability sits in a public-facing webserver, so it can be exploited remotely (T1190); deleting the configured users and recreating the default Administrator account with its known password yields privilege escalation (T1068).
NVD Description
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.
Deeper analysis
CVE-2025-41719, published on 2025-10-22, is a vulnerability in the webserver users storage on the affected device. A low-privileged remote attacker can corrupt this storage by submitting a sequence of unsupported characters, resulting in the deletion of all previously configured users and the automatic creation of a default Administrator account with a known default password. The issue is rated 8.8 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1286 (Improper Validation of Syntactic Correctness of Input).
A low-privileged remote attacker with network access can exploit this vulnerability without user interaction. By submitting input containing unsupported characters, the attacker corrupts the user storage, wiping out existing user configurations and resetting the system to a default Administrator account protected by a known password. The result is a high-impact compromise of confidentiality, integrity, and availability, potentially giving the attacker full control of the device.
The primary advisory reference is available at https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json, which provides details on mitigation strategies, patches, or workarounds for affected Sauter devices. Security practitioners should consult this CSAF document for specific remediation guidance.
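As an added, hypothetical example (not Sauter's firmware and not code from the advisory), the pattern SI-10 calls for, shown in Python: usernames are checked syntactically before anything touches the store, the store is replaced atomically so a failed write cannot leave an empty user list behind, and an unreadable store is treated as an error rather than as a trigger for recreating a default Administrator. The username syntax rule, file format and function names are assumptions.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Assumed syntactic rule (not the vendor's): 1-32 printable ASCII letters,
# digits, '.', '_' or '-'. Control characters, whitespace and non-ASCII
# bytes are rejected before they can reach the user store (CWE-1286).
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


class InvalidUsername(ValueError):
    """Raised when input fails the syntactic check."""


class CorruptStore(RuntimeError):
    """Raised when the persisted store cannot be parsed; never auto-reset."""


def validate_username(name: str) -> str:
    """Reject syntactically unsupported input instead of storing it."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise InvalidUsername(f"unsupported username: {name!r}")
    return name


def load_users(path: Path) -> dict:
    """Fail closed: a store that cannot be read is an error, not a reason
    to fall back to a default administrator account."""
    if not path.exists():
        return {}
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise CorruptStore(f"user store {path} is unreadable: {exc}") from exc
    if not isinstance(data, dict) or not all(USERNAME_RE.fullmatch(k) for k in data):
        raise CorruptStore(f"user store {path} contains unsupported entries")
    return data


def add_user(path: Path, name: str, role: str) -> dict:
    """Validate first, then replace the store atomically (temp file + rename)
    so readers only ever see the old store or the complete new one."""
    name = validate_username(name)
    users = load_users(path)
    users[name] = {"role": role}
    fd, tmp = tempfile.mkstemp(dir=str(path.parent), prefix=".users-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(users, fh, ensure_ascii=True)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename on POSIX filesystems
    except BaseException:
        os.unlink(tmp)  # never leave a half-written store behind
        raise
    return users
```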
Details
- CWE(s)