ID
VAR-202507-2461
CVE
CVE-2025-41681
TITLE
MB CONNECT LINE mbNET.mini Cross-Site Scripting Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2025-21148
DESCRIPTION
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. Detailed vulnerability details are currently unavailable
Trust: 1.44
sources:
NVD: CVE-2025-41681 //
CNVD: CNVD-2025-21148
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-21148
AFFECTED PRODUCTS
| vendor: | mb | model: | connect line mbnet.mini | scope: | lt | version: | 2.3.3 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-21148
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2025-21148 //
NVD: CVE-2025-41681
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
sources:
NVD: CVE-2025-41681
PATCH
| title: | Patch for MB CONNECT LINE mbNET.mini Cross-Site Scripting Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/731066 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-21148
EXTERNAL IDS
| db: | CERT@VDE | id: | VDE-2025-058 | Trust: 1.6 |
| db: | NVD | id: | CVE-2025-41681 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-21148 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-21148 //
NVD: CVE-2025-41681
REFERENCES
| url: | https://certvde.com/de/advisories/vde-2025-058 | Trust: 1.6 |
sources:
CNVD: CNVD-2025-21148 //
NVD: CVE-2025-41681
SOURCES
| db: | CNVD | id: | CNVD-2025-21148 |
| db: | NVD | id: | CVE-2025-41681 |
LAST UPDATE DATE
2025-09-13T23:14:04.019000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-21148 | date: | 2025-09-12T00:00:00 |
| db: | NVD | id: | CVE-2025-41681 | date: | 2025-07-22T13:06:07.260 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-21148 | date: | 2025-09-11T00:00:00 |
| db: | NVD | id: | CVE-2025-41681 | date: | 2025-07-21T10:15:25.293 |