CVE-2025-41708

Severity CVSS v4.0:

Pending analysis

Type:

CWE-319 Cleartext Transmission of Sensitive Information

Publication date:

08/09/2025

Last modified:

08/09/2025

Description

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS v3.1 Severity and Metrics:

Base Score: 7.40 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): None

Base Score 3.x

7.40

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://certvde.com/de/advisories/VDE-2025-084