Skip to main content

CVE-2025-41653: CWE-410 Insufficient Resource Pool in Weidmueller IE-SW-VL05M-5TX

High
VulnerabilityCVE-2025-41653cvecve-2025-41653cwe-410
Published: Tue May 27 2025 (05/27/2025, 08:38:29 UTC)
Source: CVE Database V5
Vendor/Project: Weidmueller
Product: IE-SW-VL05M-5TX

Description

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.

AI-Powered Analysis

AILast updated: 07/11/2025, 11:48:48 UTC

Technical Analysis

CVE-2025-41653 is a high-severity denial-of-service (DoS) vulnerability affecting the Weidmueller IE-SW-VL05M-5TX industrial Ethernet switch. The vulnerability stems from insufficient resource pool management (CWE-410) in the device's embedded web server. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted HTTP request containing a malicious header. This malformed request triggers resource exhaustion or improper handling within the web server, causing it to crash or become unresponsive. Since the vulnerability requires no authentication or user interaction and can be exploited remotely over the network, it presents a significant risk to availability. The affected product version is 0.0.0, which likely refers to initial or early firmware releases. The CVSS v3.1 base score is 7.5, reflecting a high severity due to network attack vector, no privileges required, no user interaction, and a complete loss of availability without impact on confidentiality or integrity. No patches or known exploits in the wild are currently reported, but the vulnerability is publicly disclosed as of May 27, 2025. Given the role of the IE-SW-VL05M-5TX as an industrial Ethernet switch, this vulnerability could disrupt network communications in industrial control systems or critical infrastructure environments where these devices are deployed.

Potential Impact

For European organizations, especially those in industrial sectors such as manufacturing, energy, transportation, and utilities, this vulnerability poses a significant threat to operational continuity. The IE-SW-VL05M-5TX is an industrial Ethernet switch used to interconnect devices in operational technology (OT) networks. A successful DoS attack could cause network outages, interrupting communication between critical control systems and devices. This disruption may lead to production downtime, safety risks, and financial losses. Since the attack requires no authentication and can be launched remotely, threat actors could exploit this vulnerability to cause targeted disruptions or as part of broader cyberattacks against industrial environments. The lack of confidentiality or integrity impact reduces the risk of data theft or manipulation, but the availability impact alone can have severe consequences in time-sensitive industrial processes. European organizations with interconnected OT and IT networks may also face challenges in incident response and recovery due to the specialized nature of these devices.

Mitigation Recommendations

1. Immediate network segmentation: Isolate the affected IE-SW-VL05M-5TX devices from general IT networks and restrict access to their management interfaces to trusted hosts only. 2. Implement strict firewall rules: Block unsolicited inbound HTTP requests to the device’s web server from untrusted sources to prevent exploitation attempts. 3. Monitor network traffic: Deploy intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous HTTP headers or malformed requests targeting the device. 4. Vendor engagement: Contact Weidmueller for official patches or firmware updates addressing CVE-2025-41653 and apply them promptly once available. 5. Incident response planning: Prepare for potential DoS incidents by establishing failover mechanisms and backup communication paths to maintain operational continuity. 6. Device inventory and risk assessment: Identify all deployed IE-SW-VL05M-5TX units and assess their criticality within the network to prioritize mitigation efforts. 7. Disable or restrict the web server interface if not required for device management, or replace it with more secure management methods such as SSH or dedicated management networks.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
CERTVDE
Date Reserved
2025-04-16T11:17:48.306Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6835ae13182aa0cae20f9ccc

Added to database: 5/27/2025, 12:20:35 PM

Last enriched: 7/11/2025, 11:48:48 AM

Last updated: 8/18/2025, 3:00:46 PM

Views: 21

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats