cbcvebase.
CVE-2025-41656
published 2025-07-01

CVE-2025-41656: An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server…

PriorityP184critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
9.95%
95.0th percentile
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

Affected

1 ranges
VendorProductVersion rangeFixed in
pilzindustrialpi_4_with_firmware_bullseye<= 2024-08
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.