Browse all 4 CVE security advisories affecting Viessmann. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Viessmann specializes in heating, ventilation, and cooling systems for residential and commercial applications. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from web interfaces and insufficient input validation. The company maintains a notable security presence with four CVEs on record, though no major public incidents have been widely reported. Their systems typically require network access for remote management, creating potential attack surfaces if not properly secured. Viessmann's focus on industrial control systems means vulnerabilities could impact operational technology environments, making security updates particularly critical for maintaining both system integrity and safety functions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9495 | Viessmann Vitogate 300 Authentication Bypass — Vitogate 300, CWE-602 | 9.8 (AI) | Critical (AI) | 2025-09-23 |
| CVE-2025-9494 | Viessmann Vitogate 300 OS Command Injection — Vitogate 300, CWE-78 | 8.8 (AI) | High (AI) | 2025-09-23 |
| CVE-2023-5702 | Viessmann Vitogate 300 direct request — Vitogate 300, CWE-425 | 4.3 | Medium | 2023-10-23 |
| CVE-2023-5222 | Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password — Vitogate 300, CWE-259 | 6.3 | Medium | 2023-09-27 |
This page lists every published CVE security advisory associated with Viessmann. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.