CVE-2025-41716

Severity
5.3 MEDIUM
EPSS
0.0%
top 89.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 24

Description

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages

1 package

CVEListV5 | wago/solution_builder | 0.0.0 | 2.3.3

🔴 Vulnerability Details

2
CVEList
Unauthenticated User Enumeration via Missing Authentication | 2025-09-24
GHSA
GHSA-xmf5-4wmv-38v8: The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to m | 2025-09-24

📋 Vendor Advisories

1
Microsoft
Unsanitized NUL in environment variables on Windows in syscall and os/exec | 2022-11-08
CVE-2025-41716 (MEDIUM CVSS 5.3) | The web application allows an unaut | cvebase.io