CVE-2025-41672
CRITICALDescription
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-41672? +
How severe is CVE-2025-41672? +
How do I check if I'm vulnerable to CVE-2025-41672? +
Related Vulnerabilities
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when …
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel …