CVE-2025-41718

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthorized remote attackers to intercept login credentials transmitted in cleartext to affected products' Web-UI. Attackers can then use these credentials to gain unauthorized access to the system. Organizations using the vulnerable products are affected.

💻 Affected Systems

Products:
  • Murrelektronik products with vulnerable Web-UI
Versions: Specific versions not detailed in provided reference
Operating Systems: Embedded systems running affected firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Products transmitting authentication data without encryption are vulnerable. Check vendor advisory for specific product list.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the system, potentially leading to complete system compromise, data theft, or disruption of operations.

🟠 Likely Case

Attackers capture valid credentials and gain unauthorized access to the Web-UI, potentially modifying configurations or accessing sensitive data.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to credential exposure requiring password resets.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to intercept cleartext traffic. No authentication needed to observe transmissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json

Restart Required: Yes

Instructions:

  1. Review vendor advisory for affected products.
  2. Download and apply vendor-provided firmware updates.
  3. Restart affected devices.
  4. Verify encryption is enabled for Web-UI access.

🔧 Temporary Workarounds

Enable HTTPS/TLS (all)

Force the Web-UI to use encrypted HTTPS connections instead of HTTP.

  • Configure device to use HTTPS only
  • Disable HTTP access if possible

Network Segmentation (all)

Isolate affected devices to prevent unauthorized network access.

  • Implement VLAN segmentation
  • Configure firewall rules to restrict access

🧯 If You Can't Patch

  • Isolate affected systems in separate network segments with strict access controls
  • Implement network monitoring to detect credential interception attempts

🔍 How to Verify

Check if Vulnerable:

Use network monitoring tools to check if Web-UI authentication traffic is transmitted in cleartext (HTTP instead of HTTPS)

Check Version:

Check device firmware version via Web-UI or CLI (vendor-specific commands)

Verify Fix Applied:

Verify Web-UI now uses HTTPS/TLS encryption and no cleartext authentication traffic is visible
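
The check described under "Check if Vulnerable" and "Verify Fix Applied" can be automated over captured request payloads. The following is an added example, not code from the vendor advisory or from this page's source; the credential field names, the `/login` and `/status` paths, and the sample payloads are assumptions constructed for illustration. It reports only where credential material appears and never returns the values.

```python
"""Flag credential material in a captured plaintext HTTP request."""
from urllib.parse import parse_qsl, urlsplit

# Assumed credential parameter names; match them to the device's real login form.
CRED_FIELDS = {"password", "passwd", "pwd", "pass", "pin"}

# Constructed sample payloads (TCP port 80 request bytes); paths and values are made up.
SAMPLE_FORM = (b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 36\r\n\r\n"
               b"username=admin&password=EXAMPLE-ONLY")
SAMPLE_BASIC = (b"GET /status HTTP/1.1\r\nHost: 192.0.2.10\r\n"
                b"Authorization: Basic ZXhhbXBsZTpleGFtcGxl\r\n\r\n")
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"  # start of a TLS ClientHello


def cleartext_credential_findings(raw_request: bytes) -> list[str]:
    """Return labels for each place credentials appear; values are never returned."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return []  # not a plaintext HTTP request (for example, TLS record bytes)
    method, target, _ = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    findings = []
    scheme = headers.get("authorization", "").split(" ", 1)[0].lower()
    if scheme == "basic":  # base64 is an encoding, not encryption
        findings.append("header:authorization-basic")
    for key, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key.lower() in CRED_FIELDS:
            findings.append(f"query:{key.lower()}")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        for key, _ in parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True):
            if key.lower() in CRED_FIELDS:
                findings.append(f"body:{key.lower()}")
    return findings


if __name__ == "__main__":
    for label, payload in [("form", SAMPLE_FORM), ("basic", SAMPLE_BASIC), ("tls", SAMPLE_TLS)]:
        print(label, cleartext_credential_findings(payload))
```

An empty result for every request to the device after the firmware update, together with the HTTP port no longer answering, is consistent with the fix being applied.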

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from new IPs
  • Successful logins from unexpected locations

Network Indicators:

  • Cleartext HTTP authentication traffic to device Web-UI
  • Unusual outbound connections from device

SIEM Query:

dest_ip="device_ip" AND protocol="HTTP" AND (uri CONTAINS "login" OR uri CONTAINS "auth")
