Details of VAR-202507-2459

ID

VAR-202507-2459

CVE

CVE-2025-41675

TITLE

MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability (CNVD-2025-21143)

Trust: 0.6

sources: CNVD: CNVD-2025-21143

DESCRIPTION

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improperly neutralizing special elements in OS commands. An attacker could exploit this vulnerability to execute arbitrary system commands

Trust: 1.44

sources: NVD: CVE-2025-41675 // CNVD: CNVD-2025-21143

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21143

AFFECTED PRODUCTS

vendor:

model:

connect line mbnet.mini

scope:

version:

2.3.3

Trust: 0.6

sources: CNVD: CNVD-2025-21143

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2025-41675
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-21143
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21143
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

info@cert.vde.com:	CVE-2025-41675
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21143 // NVD: CVE-2025-41675

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-41675

PATCH

title:

Patch for MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability (CNVD-2025-21143)

url:

https://www.cnvd.org.cn/patchInfo/show/731041

Trust: 0.6

sources: CNVD: CNVD-2025-21143

EXTERNAL IDS

db:	CERT@VDE	id:	VDE-2025-058	Trust: 1.6
db:	NVD	id:	CVE-2025-41675	Trust: 1.6
db:	CNVD	id:	CNVD-2025-21143	Trust: 0.6

sources: CNVD: CNVD-2025-21143 // NVD: CVE-2025-41675

REFERENCES

url:

https://certvde.com/de/advisories/vde-2025-058

Trust: 1.6

sources: CNVD: CNVD-2025-21143 // NVD: CVE-2025-41675

SOURCES

db:	CNVD	id:	CNVD-2025-21143
db:	NVD	id:	CVE-2025-41675

LAST UPDATE DATE

2025-09-13T23:14:04.116000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21143	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-41675	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21143	date:	2025-09-11T00:00:00
db:	NVD	id:	CVE-2025-41675	date:	2025-07-21T10:15:24.530