Cyber Posture

CVE-2025-41735

High

Published: 18 November 2025

Published
18 November 2025
Modified
21 November 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0030 53.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41735 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Metz-Connect Ewio2-M Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires validation of uploaded files to block dangerous types and arbitrary placements, addressing the core missing file check vulnerability.

AC-3 Access Enforcement partial match
prevent

Enforces access controls to prevent low-privileged remote users from writing files to unauthorized system locations.

SI-9 Information Input Restrictions partial match
prevent

Restricts classes of allowed information inputs, such as prohibiting dangerous file types that could lead to RCE.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables unrestricted arbitrary file upload to any location, leading to remote code execution over the network, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

Deeper analysisAI

CVE-2025-41735, published on 2025-11-18, is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). It arises from a missing file check that permits arbitrary file uploads to any location on the affected system, enabling remote code execution.

A low-privileged remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts, including full remote code execution on the target system.

For mitigation details, refer to the advisory at https://certvde.com/de/advisories/VDE-2025-097.

Details

CWE(s)
CWE-434

Affected Products

metz-connect
ewio2-m firmware
≤ 2.2.0
metz-connect
ewio2-m-bm firmware
≤ 2.2.0
metz-connect
ewio2-bm firmware
≤ 2.2.0

CVEs Like This One

CVE-2025-41734Same product: Metz-Connect Ewio2-Bm
CVE-2025-41736Same product: Metz-Connect Ewio2-Bm
CVE-2025-41733Same product: Metz-Connect Ewio2-Bm
CVE-2019-25580Shared CWE-434
CVE-2026-1358Shared CWE-434
CVE-2025-13062Shared CWE-434
CVE-2026-21536Shared CWE-434
CVE-2026-27636Shared CWE-434
CVE-2025-14390Shared CWE-434
CVE-2025-12352Shared CWE-434

References