Cyber Resilience

CVE-2025-41719

Severity: High
Published: 22 October 2025
Modified: 15 April 2026
KEV Added: not listed in the CISA KEV catalog
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.6th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-41719 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 36.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-41719, published on 2025-10-22, is a vulnerability in the webserver users storage on the affected device. A low-privileged remote attacker can corrupt this storage by submitting a sequence of unsupported characters, resulting in the deletion of all previously configured users and the automatic creation of a default Administrator account with a known default password. The issue is rated 8.8 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1286 (Improper Validation of Syntactic Correctness of Input).

A low-privileged remote attacker with network access can exploit this vulnerability without user interaction. By crafting input containing unsupported characters, the attacker triggers corruption of the user storage, wiping out existing user configurations and resetting the system to a default Administrator account protected by a known password. This grants the attacker high-impact confidentiality, integrity, and availability compromise, potentially enabling full control over the device.

The primary advisory reference is available at https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json, which provides details on mitigation strategies, patches, or workarounds for affected Sauter devices. Security practitioners should consult this CSAF document for specific remediation guidance.

Vulnerability details

A low-privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters, which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.

CWE(s)

CWE-1286 Improper Validation of Syntactic Correctness of Input

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability in public-facing webserver enables remote exploitation (T1190) for privilege escalation via user account deletion and default admin creation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24091 (shared CWE-1286)
CVE-2026-40198 (shared CWE-1286)
CVE-2026-24092 (shared CWE-1286)
CVE-2026-24087 (shared CWE-1286)
CVE-2025-59785 (shared CWE-1286)
CVE-2026-21917 (shared CWE-1286)
CVE-2026-33778 (shared CWE-1286)
CVE-2025-0638 (shared CWE-1286)
CVE-2026-6442 (shared CWE-1286)
CVE-2025-22868 (shared CWE-1286)

Affected Assets

Certvde
Inferred from the references and description; NVD has not filed a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI-generated mapping)

SI-10 Information Input Validation (prevent)
Requires validation of information inputs to the webserver users storage, directly preventing corruption from unsupported characters as described in CWE-1286.

SI-2 Flaw Remediation (prevent)
Mandates identification, reporting, and timely remediation of security flaws like this input validation vulnerability, including application of vendor patches.

Account management control (prevent; the control identifier is not given on the page, although the description corresponds to AC-2 Account Management)
Provides account management functions to protect against unauthorized deletion of configured users and improper creation of default administrator accounts.
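To make the SI-10 and account-management points above concrete, the following is an added, constructed Python example; it is not Sauter's firmware, not the device's real storage format, and not taken from the advisory. It shows an allow-list validator for every field that can reach a line-oriented user store, and a loader that fails closed: when a record cannot be parsed it keeps the existing users and reports the error instead of wiping the store and creating a default Administrator. The accepted character set, the field layout, the separator and the role names are all assumptions made for this example.

```python
import re

# Allow-lists for each field. These are a constructed policy for this example;
# the character set the affected Sauter devices actually accept is not stated on the page.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")
PWHASH_RE = re.compile(r"[0-9a-f]{32,128}")
ROLES = frozenset({"admin", "operator", "viewer"})  # hypothetical role names
RECORD_SEP = ":"  # hypothetical on-disk field separator


class InvalidInput(ValueError):
    """Raised when a field fails syntactic validation (the CWE-1286 check)."""


class CorruptStore(RuntimeError):
    """Raised when persisted data cannot be parsed; the caller keeps its current state."""


def validate_username(name: str) -> str:
    # fullmatch anchors the pattern, so a separator, newline or NUL anywhere in
    # the name is rejected before it can reach the serialized record.
    if not isinstance(name, str) or USERNAME_RE.fullmatch(name) is None:
        raise InvalidInput("username contains unsupported characters or has a bad length")
    return name


def is_valid_username(name: str) -> bool:
    try:
        validate_username(name)
    except InvalidInput:
        return False
    return True


def validate_role(role: str) -> str:
    if role not in ROLES:
        raise InvalidInput("unknown role")
    return role


def validate_pwhash(pwhash: str) -> str:
    if not isinstance(pwhash, str) or PWHASH_RE.fullmatch(pwhash) is None:
        raise InvalidInput("password hash must be lowercase hex")
    return pwhash


class UserStore:
    """One 'name:role:pwhash' record per line (hypothetical format)."""

    def __init__(self):
        self.users = {}

    def add_user(self, name: str, role: str, pwhash: str) -> None:
        # Every field is validated before it is written; there is no default-admin fallback.
        name = validate_username(name)
        role = validate_role(role)
        pwhash = validate_pwhash(pwhash)
        self.users[name] = (role, pwhash)

    def dump(self) -> str:
        return "".join(f"{n}{RECORD_SEP}{r}{RECORD_SEP}{h}\n" for n, (r, h) in self.users.items())

    @classmethod
    def load(cls, text: str) -> "UserStore":
        store = cls()
        for lineno, line in enumerate(text.splitlines(), start=1):
            if not line.strip():
                continue
            parts = line.split(RECORD_SEP)
            if len(parts) != 3:
                raise CorruptStore(f"line {lineno}: expected 3 fields, got {len(parts)}")
            try:
                store.add_user(*parts)
            except InvalidInput as exc:
                raise CorruptStore(f"line {lineno}: {exc}") from exc
        return store


def reload_or_keep(current: UserStore, text: str):
    """Fail closed: on any parse error keep the existing users and report failure,
    never replace them with a freshly created default Administrator."""
    try:
        return UserStore.load(text), True
    except CorruptStore:
        return current, False


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "operator", "ab" * 32)
    # Constructed corrupted blob: an extra separator yields a four-field record.
    kept, ok = reload_or_keep(store, "evil:admin:deadbeef:extra\n")
    print("reload accepted:", ok, "| users kept:", sorted(kept.users))
```

The two halves matter together: validating with an anchored allow-list at write time means a separator, newline or control character can never land in a record, and failing closed at read time means that even if the persisted data is damaged by some other path, a parse error cannot turn into an account reset.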

References

https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json (CSAF advisory for the affected Sauter devices)