Cyber Resilience

CVE-2025-41726

High

Published: 27 January 2026

Modified: 15 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (33.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-41726 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 33.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-41726 is an integer overflow vulnerability (CWE-190) affecting the web service of the Device Manager or a local API. A low privileged remote attacker can trigger the issue by sending specially crafted calls, leading to arbitrary code execution within privileged processes. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

A low privileged remote attacker can exploit this vulnerability over the network by targeting the Device Manager's web service or locally via the API. Successful exploitation allows the attacker to cause integer overflows, potentially resulting in arbitrary code execution within privileged processes, thereby elevating access and compromising the system.

For mitigation details, refer to the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-092. The CVE was published on 2026-01-27T12:15:57.400.

Vulnerability details

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Integer overflow in Device Manager web service enables remote low-privileged attackers to achieve arbitrary code execution in privileged processes, directly facilitating T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6473 · Shared CWE-190
CVE-2026-31633 · Shared CWE-190
CVE-2025-30404 · Shared CWE-190
CVE-2025-27918 · Shared CWE-190
CVE-2026-0031 · Shared CWE-190
CVE-2024-11347 · Shared CWE-190
CVE-2025-0587 · Shared CWE-190
CVE-2024-40765 · Shared CWE-190
CVE-2025-23016 · Shared CWE-190
CVE-2026-41416 · Shared CWE-190

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly addresses the CVE by identifying, reporting, and remediating the integer overflow flaw in the Device Manager web service and API.

prevent

Prevents low-privileged attackers from triggering integer overflows through specially crafted calls by validating all inputs to the web service and local API.

prevent

Mitigates arbitrary code execution resulting from integer overflows by implementing memory protections such as address space layout randomization and stack guards in privileged processes.
