Cyber Posture

CVE-2025-41709

Critical

Published: 10 March 2026

Modified: 18 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0056 (68.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the command injection flaw in Modbus-TCP/RTU handling by applying vendor-specific patches or workarounds from CERT VDE advisories.

prevent

Validates and sanitizes specially crafted Modbus-TCP/RTU inputs to prevent command injection exploitation.

prevent

Enforces network boundary protections to restrict unauthenticated remote access to the vulnerable Modbus service.

Security Summary (AI)

CVE-2025-41709 is a command injection vulnerability (CWE-78) that affects certain devices supporting the Modbus-TCP or Modbus-RTU protocols from the vendors Janitza and Weidmueller, as documented in CERT VDE advisories VDE-2025-079 and VDE-2025-096. Published on 2026-03-10, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The critical rating reflects that the flaw is reachable over the network, has low attack complexity, and requires neither privileges nor user interaction.

An unauthenticated remote attacker can exploit the vulnerability by sending specially crafted Modbus-TCP or Modbus-RTU messages over the network. Successful exploitation enables command injection, granting the attacker read and write access on the affected device and potentially leading to complete compromise with high impacts on confidentiality, integrity, and availability.

Mitigation guidance is provided in the referenced advisories, including https://certvde.com/en/advisories/VDE-2025-079/ and its CSAF document for Janitza products, as well as https://certvde.com/en/advisories/VDE-2025-096/ and its CSAF document for Weidmueller products. Security practitioners should consult these sources for vendor-specific patches, workarounds, or configuration recommendations.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote command injection via crafted Modbus-TCP/RTU messages over the network directly enables exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
