CVE-2025-41451

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.

CVSS

No CVSS.

References

Link	Resource
https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-22 03:15

Updated : 2025-08-22 18:08

NVD link : CVE-2025-41451

Mitre link : CVE-2025-41451

CVE.ORG link : CVE-2025-41451

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-41451", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "d7ff35af-cf88-454c-bab9-af60602f10f8", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-22T03:15:29.980", "references": [{"url": "https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview", "source": "d7ff35af-cf88-454c-bab9-af60602f10f8"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "d7ff35af-cf88-454c-bab9-af60602f10f8", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series\u00a0prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de los campos de configuraci\u00f3n de alarma a correo utilizados en un comando de shell del sistema operativo ('Inyecci\u00f3n de comando') en Danfoss AK-SM8xxA Series anterior a la versi\u00f3n 4.3.1, lo que conduce a una posible ejecuci\u00f3n de c\u00f3digo remoto autenticado posteriormente en un sistema atacado."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "d7ff35af-cf88-454c-bab9-af60602f10f8"}

CVE-2025-41451

JSON object

Attach tags to CVE-2025-41451

Attach tags to `CVE-2025-41451`