CVE-2025-3091 is a high-severity authorization bypass vulnerability affecting the mbCONNECT24 product by MB connect line. The vulnerability is classified under CWE-639, which involves authorization bypass through user-controlled keys. Specifically, a low-privileged remote attacker who already possesses the second factor (such as a 2FA token or device) associated with another user can exploit this flaw to log in as that user without needing to know the user's password. This indicates a critical weakness in the authentication and authorization logic of mbCONNECT24, where possession of the second factor alone is sufficient to bypass password verification. The vulnerability has a CVSS v3.1 base score of 7.5, reflecting high severity, with the vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network but requires high attack complexity and low privileges, with no user interaction needed. The impact affects confidentiality, integrity, and availability, as unauthorized access to user accounts could lead to data exposure, unauthorized actions, and potential service disruption. No patches or known exploits in the wild have been reported as of the publication date (June 24, 2025). The affected version is listed as '0', which may indicate an initial or unspecified version, suggesting that all current versions might be vulnerable until patched. The vulnerability was reserved on April 1, 2025, and published shortly after, indicating recent discovery and disclosure.

For European organizations using mbCONNECT24, this vulnerability poses a significant risk. mbCONNECT24 is an industrial remote access and monitoring platform commonly used in industrial automation, manufacturing, and critical infrastructure sectors. Unauthorized access through this flaw could allow attackers to impersonate legitimate users, potentially gaining control over industrial devices, accessing sensitive operational data, or disrupting industrial processes. This could lead to operational downtime, safety hazards, intellectual property theft, and regulatory compliance violations under GDPR and other European cybersecurity regulations. The fact that the attacker needs possession of the second factor reduces the attack surface but does not eliminate risk, especially in environments where second factors might be shared, stolen, or otherwise compromised. The high impact on confidentiality, integrity, and availability makes this vulnerability particularly concerning for sectors such as energy, manufacturing, transportation, and critical infrastructure within Europe.

1. Immediate mitigation should include enforcing strict control and monitoring of second-factor devices or tokens to prevent unauthorized possession. 2. Implement additional authentication layers or anomaly detection systems to identify unusual login patterns or simultaneous logins from different locations. 3. Restrict remote access to mbCONNECT24 interfaces via network segmentation, VPNs, or IP whitelisting to reduce exposure. 4. Conduct thorough user education and awareness campaigns emphasizing the importance of safeguarding second-factor credentials. 5. Monitor logs for suspicious authentication attempts and implement alerting mechanisms. 6. Engage with MB connect line for timely updates and patches; prioritize patch deployment once available. 7. Consider temporary disabling or limiting use of second-factor authentication methods vulnerable to theft or duplication until a fix is applied. 8. Review and tighten authorization policies within mbCONNECT24 to ensure that possession of a second factor alone cannot grant access without password verification.