CVE-2025-41715: Missing Authentication for Critical Function in Device Sphere

Severity
9.8 CRITICAL (NVD)
EPSS
0.1%
top 65.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 24

Description

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages

2 packages

CVEListV5 | wago/device_sphere | 0.0.0 | 1.1.0
CVEListV5 | wago/solution_builder | 0.0.0 | 2.3.3

🔴 Vulnerability Details

2
CVEList
Missing Authentication for Database Access in Web Application (2025-09-24)
GHSA
GHSA-hwp7-72wv-8w95: The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and po (2025-09-24)

📋 Vendor Advisories

1
Microsoft
Memory exhaustion when compiling regular expressions in regexp/syntax (2022-10-11)