CVE-2025-41690

{"id": "CVE-2025-41690", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.5}]}, "published": "2025-09-02T08:15:30.583", "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-068", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters."}], "lastModified": "2025-09-02T15:55:25.420", "sourceIdentifier": "info@cert.vde.com"}