
CVE-2025-25264: CWE-942 Permissive Cross-domain Policy with Untrusted Domains in WAGO CC100 0751-9x01

Severity: High
Type: Vulnerability
Published: Mon Jun 16 2025 (06/16/2025, 09:45:31 UTC)
Source: CVE Database V5
Vendor/Project: WAGO
Product: CC100 0751-9x01

Description

An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

AI-Powered Analysis

Last updated: 06/16/2025, 10:19:49 UTC

Technical Analysis

CVE-2025-25264 is a high-severity vulnerability affecting the WAGO CC100 0751-9x01 product, specifically related to an overly permissive Cross-Origin Resource Sharing (CORS) policy. The vulnerability is classified under CWE-942, which pertains to permissive cross-domain policies that allow untrusted domains to access resources. In this case, the device's CORS configuration does not properly restrict which external domains can interact with it, enabling an unauthenticated remote attacker to exploit this misconfiguration. By leveraging the permissive CORS policy, the attacker can issue cross-origin requests and read sensitive responses from the device, potentially exposing confidential information or enabling further attack vectors such as session hijacking, data exfiltration, or manipulation of device behavior. The vulnerability requires no user interaction and no authentication, making it easier to exploit remotely over the network. The CVSS 3.1 score of 8.8 reflects the critical impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no known exploits have been reported in the wild yet, the nature of the vulnerability and the affected product's role in industrial automation and control systems (ICS) make it a significant risk. The lack of available patches at the time of publication further increases the urgency for mitigation and risk management.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a serious threat. The WAGO CC100 0751-9x01 is commonly used in programmable logic controllers (PLCs) and automation controllers, which are integral to operational technology (OT) environments. Exploitation could lead to unauthorized disclosure of sensitive operational data, manipulation of control commands, and disruption of industrial processes. This can result in operational downtime, safety hazards, financial losses, and damage to reputation. Given the interconnected nature of modern industrial networks and the increasing convergence of IT and OT, a successful attack exploiting this vulnerability could also serve as a foothold for lateral movement and more extensive cyberattacks. European organizations with critical infrastructure components relying on WAGO devices may face regulatory scrutiny under frameworks such as NIS2 and GDPR if sensitive data is compromised or service availability is impacted.

Mitigation Recommendations

1. Immediate network segmentation: Isolate WAGO CC100 0751-9x01 devices from general IT networks and restrict access to trusted management networks only.
2. Implement strict firewall rules to limit inbound and outbound traffic to and from these devices, allowing only necessary protocols and IP addresses.
3. Monitor network traffic for unusual cross-origin requests or data flows that could indicate exploitation attempts.
4. Disable or restrict CORS policies on the device if configurable, or apply web application firewalls (WAFs) capable of enforcing domain restrictions on HTTP headers.
5. Engage with WAGO support and subscribe to their security advisories for timely patches or firmware updates addressing this vulnerability.
6. Conduct regular security assessments and penetration tests focusing on OT environments to detect similar misconfigurations.
7. Employ intrusion detection systems (IDS) tailored for OT to detect anomalous behavior related to this vulnerability.
8. Train OT personnel on cybersecurity best practices and incident response specific to ICS vulnerabilities.

These steps go beyond generic advice by focusing on OT-specific controls and proactive monitoring tailored to the affected product and environment.
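For recommendations 3 and 4, the following added example (not WAGO code, and not the device's actual headers, which this page does not give) audits captured request/response pairs for the common permissive CORS patterns covered by CWE-942 and shows the strict allowlist response a proxy or WAF would emit instead. The trusted origin, function names and sample exchanges are constructed assumptions.

```python
# Added example: all origins and sample exchanges are constructed.
TRUSTED_ORIGINS = frozenset({"https://hmi.plant.example"})  # assumed allowlist


def audit_cors(request_origin, response_headers, trusted=TRUSTED_ORIGINS):
    """Return findings for one exchange; an empty list means no CORS exposure."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None or acao in trusted:
        return []  # no grant, or grant limited to an allowlisted origin
    if acao == "*":
        # Any site may read the response; browsers refuse to combine "*"
        # with credentials, so only unauthenticated content is exposed.
        return ["wildcard-origin"]
    # "null" is sent by sandboxed iframes and local files, so it is not a safe grant.
    findings = ["null-origin-allowed"] if acao == "null" else ["untrusted-origin-allowed"]
    if acao == request_origin and acao != "null":
        findings.append("origin-reflected")  # server echoes whatever Origin it receives
    if h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("credentialed-reads-exposed")  # cookies/auth ride along
    return findings


def strict_cors_headers(request_origin, trusted=TRUSTED_ORIGINS):
    """Headers a hardened front end adds: exact-match allowlist, nothing otherwise."""
    if request_origin not in trusted:
        return {}
    return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}


# Constructed (request Origin, response headers) pairs, e.g. taken from a proxy log.
SAMPLES = [
    ("https://hmi.plant.example", {"Access-Control-Allow-Origin": "https://hmi.plant.example"}),
    ("https://other.example", {"Access-Control-Allow-Origin": "*"}),
    ("https://other.example", {"access-control-allow-origin": "https://other.example",
                               "Access-Control-Allow-Credentials": "true"}),
    ("null", {"Access-Control-Allow-Origin": "null"}),
]


def scan(samples=SAMPLES):
    """Audit every captured exchange, preserving order."""
    return [audit_cors(origin, headers) for origin, headers in samples]


if __name__ == "__main__":
    for (origin, _), findings in zip(SAMPLES, scan()):
        print(origin, findings or "ok")
```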


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-02-06T12:30:08.317Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 684fec2ca8c921274383f273

Added to database: 6/16/2025, 10:04:28 AM

Last enriched: 6/16/2025, 10:19:49 AM

Last updated: 8/13/2025, 1:44:45 AM
