CVE-2025-41661 is a high-severity vulnerability identified in the Weidmueller IE-SR-2TX-WL industrial device. The vulnerability is classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness. Specifically, the device lacks adequate CSRF protection mechanisms, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This means that an attacker can craft malicious web requests that, when executed by a legitimate user’s browser or network context, cause the device to perform unauthorized actions at the highest privilege level without requiring authentication. The CVSS v3.1 score of 8.8 reflects the critical nature of the vulnerability, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is required (UI:R). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), indicating that exploitation could lead to full system compromise, data leakage, and service disruption. The vulnerability affects version 0 of the product, which likely refers to initial or current firmware versions. No patches or known exploits are currently documented, but the potential for exploitation remains significant given the device’s role in industrial environments. The IE-SR-2TX-WL is typically used in industrial automation and control systems, making this vulnerability particularly concerning for operational technology (OT) networks where security controls may be less mature than in IT environments. The lack of CSRF protection suggests that the device’s web interface does not validate the origin or authenticity of requests, enabling attackers to trick users into executing harmful commands via crafted web pages or network requests.

For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors that deploy Weidmueller IE-SR-2TX-WL devices, this vulnerability poses a significant risk. Exploitation could lead to unauthorized control over industrial equipment, resulting in operational disruptions, safety hazards, and potential physical damage. The ability to execute commands as root could allow attackers to alter device configurations, disable security controls, or pivot within the network to compromise additional systems. Confidentiality breaches could expose sensitive operational data, while integrity violations could corrupt control logic or sensor readings, undermining trust in automated processes. Availability impacts could cause downtime or unsafe conditions, affecting production lines or critical services. Given the device’s role in OT environments, recovery and incident response may be complex and costly. Furthermore, regulatory compliance requirements in Europe, such as NIS2 Directive and GDPR, may impose additional obligations on organizations to manage and report such security incidents. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly once details are public.

Organizations should immediately inventory their networks to identify any Weidmueller IE-SR-2TX-WL devices and assess their firmware versions. Since no patches are currently available, compensating controls are critical. These include isolating affected devices within segmented and monitored OT networks, restricting access to device management interfaces to trusted hosts and users only, and implementing strict network-level controls such as firewall rules and intrusion detection/prevention systems tuned to detect anomalous command patterns. User education is important to prevent inadvertent triggering of CSRF attacks, such as avoiding browsing untrusted websites from networks with access to these devices. Where possible, disable or restrict web interface access or replace it with more secure management methods. Organizations should engage with Weidmueller to obtain timelines for patches or firmware updates and plan for prompt deployment once available. Regularly monitoring vendor advisories and threat intelligence feeds for exploit developments is also recommended. Finally, implementing multi-factor authentication and logging all administrative actions can help detect and mitigate potential exploitation attempts.