CVE-2025-41726
Published: 27 January 2026
Description
A low-privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
Mitigating Controls (NIST 800-53 r5) (AI)
- Directly addresses the CVE by identifying, reporting, and remediating the integer overflow flaw in the Device Manager web service and API.
- Prevents low-privileged attackers from triggering integer overflows through specially crafted calls by validating all inputs to the web service and local API.
- Mitigates arbitrary code execution resulting from integer overflows by implementing memory protections such as address space layout randomization and stack guards in privileged processes.
Security Summary (AI)
CVE-2025-41726 is an integer overflow vulnerability (CWE-190) affecting the web service of the Device Manager or a local API. A low-privileged remote attacker can trigger the issue by sending specially crafted calls, leading to arbitrary code execution within privileged processes. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
A low-privileged remote attacker can exploit this vulnerability over the network by targeting the Device Manager's web service or locally via the API. Successful exploitation allows the attacker to cause integer overflows, potentially resulting in arbitrary code execution within privileged processes, thereby elevating access and compromising the system.
For mitigation details, refer to the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-092. The CVE was published on 2026-01-27T12:15:57.400.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Integer overflow in Device Manager web service enables remote low-privileged attackers to achieve arbitrary code execution in privileged processes, directly facilitating T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).