CVE-2025-41687— Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API

CVSS 9.8 · Critical EPSS 0.16% · P36 Updated Jul 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-41687

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API

Source: NVD (National Vulnerability Database)

Vulnerability Description

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

栈缓冲区溢出

Source: NVD (National Vulnerability Database)

Vulnerability Title

Weidmueller多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Weidmueller IE-SR-2TX-WL等都是德国Weidmueller公司的一款工业级安全路由器。 Weidmueller多款产品存在安全漏洞，该漏洞源于u-link管理API中的栈缓冲区溢出，可能导致完全访问权限。以下产品受到影响：IE-SR-2TX-WL、IE-SR-2TX-WL-4G-EU 和IE-SR-2TX-WL-4G-US-V。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE
Weidmueller	IE-SR-2TX-WL	V0.0 ~ V1.49	-
Weidmueller	IE-SR-2TX-WL-4G-EU	V0.0 ~ V1.62	-
Weidmueller	IE-SR-2TX-WL-4G-US-V	V0.0 ~ V1.62	-

II. Public POCs for CVE-2025-41687

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-41687

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-41687

Same Patch Batch · Weidmueller · 2025-07-23 · 3 CVEs total

CVE-2025-41684	8.8 HIGH	Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint
CVE-2025-41683	8.8 HIGH	Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

IV. Related Vulnerabilities

Same product: IE-SR-2TX-WL

Same vendor: Weidmueller

Same weakness: CWE-121

V. Comments for CVE-2025-41687

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-41687— Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API

I. Basic Information for CVE-2025-41687

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2025-41687

III. Intelligence Information for CVE-2025-41687

Same Patch Batch · Weidmueller · 2025-07-23 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-41687

Leave a comment