CVE-2025-41719
Published: 22 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-41719, published on 2025-10-22, is a vulnerability in the webserver users storage on the affected device. A low-privileged remote attacker can corrupt this storage by submitting a sequence of unsupported characters, resulting in the deletion of all previously configured users and the automatic creation of a default Administrator account with a known default password. The issue is rated 8.8 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1286 (Improper Validation of Syntactic Correctness of Input).
Exploitation requires only network access and a low-privileged account (PR:L); no user interaction is needed. The attacker submits input containing characters the user storage does not support, which corrupts the stored configuration. When the device next reads that storage it discards every configured account and recreates a default Administrator account whose password is publicly known, so the attacker can simply log in as Administrator. The result is full compromise of the device through its webserver (C:H/I:H/A:H): existing accounts are destroyed (availability), and an attacker-controlled administrator can read and change everything the device exposes (confidentiality and integrity).
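The fail-open pattern described above, as an added illustration that is not code from the affected device or the advisory: a toy line-oriented user store in which an unvalidated field breaks the record format and the loader responds by wiping the store and recreating a default Administrator, next to a hardened variant that validates syntactic correctness before writing (the CWE-1286 fix) and fails closed on corruption. The record format, the default credentials, the field rules and the sample accounts are all assumptions made for the example.

```python
import re

# Constructed model of a line-oriented user store, added to illustrate the
# CWE-1286 failure pattern described in the advisory: unvalidated input breaks
# the persisted format, and a fail-open loader replaces the whole store with a
# default Administrator account. Nothing here is the affected device's code;
# the format, the default credentials and the field rules are assumptions.

SEPARATOR = ":"
# Hypothetical default account that the fail-open loader recreates.
DEFAULT_ADMIN = ("Administrator", "admin", "ChangeMe123")


def serialize(users):
    """Persist (name, role, password) tuples as one 'name:role:password' line each."""
    return "\n".join(SEPARATOR.join(user) for user in users)


def parse(blob):
    """Inverse of serialize(); raises ValueError on any malformed record."""
    users = []
    for line in blob.splitlines():
        fields = line.split(SEPARATOR)
        if len(fields) != 3:
            raise ValueError(f"malformed record: {line!r}")
        users.append(tuple(fields))
    return users


class NaiveUserStore:
    """Vulnerable variant: no syntactic validation, fail-open recovery."""

    def __init__(self, users):
        self.blob = serialize(users)

    def add_user(self, name, role, password):
        # Reachable by a low-privileged account in this model. A ':' or a
        # newline in any field silently breaks the record format.
        self.blob += "\n" + SEPARATOR.join((name, role, password))

    def load(self):
        try:
            return parse(self.blob)
        except ValueError:
            # Fail-open recovery: every configured account is discarded and
            # the default Administrator with its known password is recreated.
            self.blob = serialize([DEFAULT_ADMIN])
            return parse(self.blob)


class StoreCorrupted(Exception):
    """Raised by the hardened loader instead of resetting to defaults."""


def validate_field(value, max_len=64):
    """Syntactic check: bounded length, no separator, no control characters."""
    if not 1 <= len(value) <= max_len:
        raise ValueError("field length out of range")
    if SEPARATOR in value or re.search(r"[\x00-\x1f\x7f]", value):
        raise ValueError("field contains unsupported characters")


class HardenedUserStore(NaiveUserStore):
    """Fixed variant: validate before writing, fail closed when loading."""

    def add_user(self, name, role, password):
        for value in (name, role, password):
            validate_field(value)  # reject before touching storage
        super().add_user(name, role, password)

    def load(self):
        try:
            return parse(self.blob)
        except ValueError as exc:
            # Fail closed: keep the corrupted blob for forensics and refuse
            # to serve a default account.
            raise StoreCorrupted(str(exc)) from exc


def has_default_admin(users):
    """Post-incident check: does the store contain the known default account?"""
    return DEFAULT_ADMIN in users


def demonstrate():
    """Run the same malformed request against both stores; return the outcomes."""
    configured = [("alice", "admin", "s3cret"), ("bob", "user", "hunter2")]
    hostile_name = "mallory:x\nevil"  # constructed unsupported-character input

    naive = NaiveUserStore(configured)
    naive.add_user(hostile_name, "user", "pw")
    after_naive = naive.load()

    hardened = HardenedUserStore(configured)
    try:
        hardened.add_user(hostile_name, "user", "pw")
        rejected = False
    except ValueError:
        rejected = True
    after_hardened = hardened.load()

    return {
        "naive_users": after_naive,
        "naive_reset_to_default": has_default_admin(after_naive),
        "hardened_rejected": rejected,
        "hardened_users": after_hardened,
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Two design points carry over to real devices regardless of format: validate every field against an explicit syntactic rule before it reaches persistent storage, and never let a parse failure of the credential store silently resolve to a known account. The `has_default_admin` check is the kind of post-patch sanity test an operator can run against an exported user list to confirm the store was not reset.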
The primary advisory reference is available at https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json, which provides details on mitigation strategies, patches, or workarounds for affected Sauter devices. Security practitioners should consult this CSAF document for specific remediation guidance.
Details
- CWE(s): CWE-1286 (Improper Validation of Syntactic Correctness of Input)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw sits in a network-reachable webserver, so it is exploited remotely through the public-facing application (T1190). Corrupting the user storage deletes the configured accounts and recreates a default Administrator with a known password, which takes the attacker from a low-privileged account to full administrative control (T1068).