Skip to main content

CVE-2025-41661

| EUVDEUVD-2025-18089 HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-06-11 info@cert.vde.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 21:09 euvd
EUVD-2025-18089
Analysis Generated
Mar 14, 2026 - 21:09 vuln.today
CVE Published
Jun 11, 2025 - 09:15 nvd
HIGH 8.8

DescriptionCVE.org

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

AnalysisAI

Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.

Technical ContextAI

This vulnerability stems from CWE-352: Cross-Site Request Forgery (CSRF), a classic web security flaw where unprotected state-changing operations lack verification that requests originate from legitimate users. The affected devices lack proper CSRF token validation, SameSite cookie attributes, or request origin verification in their administrative interfaces. When combined with unauthenticated access (PR:N in CVSS), an attacker can craft malicious requests (via compromised websites, phishing emails, or network injection) that trick browsers or devices into executing administrative commands. The vulnerability likely affects embedded device management interfaces, router administration panels, or IoT device control APIs that fail to implement standard CSRF mitigations. Network-accessible administrative interfaces (AV:N) on devices typically running limited-privilege management daemons are the primary attack surface.

RemediationAI

Immediate remediation steps: (1) Contact the affected device vendor and obtain the latest security patch; apply patches to all affected devices immediately given the critical nature. (2) Implement network-level access controls: restrict administrative interface access to trusted networks, use VPN or firewall rules to limit exposure of management ports (typically 80, 443, 8080, 8443). (3) Enforce strong authentication: enable multi-factor authentication (MFA) if supported; use complex credentials. (4) Deploy CSRF protections if vendor updates are pending: ensure SameSite=Strict cookie attributes are set, implement CSRF token validation in administrative requests. (5) Monitor device logs for suspicious administrative command executions. Check the official vendor security advisory for specific patch versions and deployment procedures. Until patched, isolate affected devices or disable remote management access.

Share

CVE-2025-41661 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy