CVE-2025-41716 - Vulnerability Details - OpenCVE

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Wago	Solution Builder

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-087

History

Thu, 25 Sep 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wago Wago solution Builder
Vendors & Products		Wago Wago solution Builder

Wed, 24 Sep 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 24 Sep 2025 09:15:00 +0000

Type	Values Removed	Values Added
Description		The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Title		Unauthenticated User Enumeration via Missing Authentication
Weaknesses		CWE-306
References		https://certvde.com/de/advisories/VDE-2025-087
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-09-24T09:04:33.971Z

Updated: 2025-09-24T13:03:53.265Z

Reserved: 2025-04-16T11:17:48.313Z

Link: CVE-2025-41716

Vulnrichment

Updated: 2025-09-24T13:03:49.356Z

NVD

Status : Awaiting Analysis

Published: 2025-09-24T09:15:31.023

Modified: 2025-09-24T18:11:24.520

Link: CVE-2025-41716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41716", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.313Z", "datePublished": "2025-09-24T09:04:33.971Z", "dateUpdated": "2025-09-24T13:03:53.265Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Solution Builder", "vendor": "WAGO", "versions": [{"lessThan": "2.3.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.<br>"}], "value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-24T09:04:33.971Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-087"}], "source": {"advisory": "VDE-2025-087", "defect": ["CERT@VDE#641858"], "discovery": "UNKNOWN"}, "title": "Unauthenticated User Enumeration via Missing Authentication", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-24T13:03:29.670633Z", "id": "CVE-2025-41716", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:03:53.265Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-24T13:03:29.670633Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:03:49.356Z"}}], "cna": {"title": "Unauthenticated User Enumeration via Missing Authentication", "source": {"defect": ["CERT@VDE#641858"], "advisory": "VDE-2025-087", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "Solution Builder", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "2.3.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-087"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.", "supportingMedia": [{"type": "text/html", "value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-24T09:04:33.971Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41716", "state": "PUBLISHED", "dateUpdated": "2025-09-24T13:03:53.265Z", "dateReserved": "2025-04-16T11:17:48.313Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-09-24T09:04:33.971Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}