CVE-2025-41661: CWE-352 Cross-Site Request Forgery (CSRF) in Weidmueller IE-SR-2TX-WL
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
AI Analysis
Technical Summary
CVE-2025-41661 is a high-severity vulnerability identified in the Weidmueller IE-SR-2TX-WL industrial device. The vulnerability is classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness. Specifically, the device lacks adequate CSRF protection mechanisms, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This means that an attacker can craft malicious web requests that, when executed by a legitimate user’s browser or network context, cause the device to perform unauthorized actions at the highest privilege level without requiring authentication. The CVSS v3.1 score of 8.8 reflects the critical nature of the vulnerability, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is required (UI:R). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), indicating that exploitation could lead to full system compromise, data leakage, and service disruption. The vulnerability affects version 0 of the product, which likely refers to initial or current firmware versions. No patches or known exploits are currently documented, but the potential for exploitation remains significant given the device’s role in industrial environments. The IE-SR-2TX-WL is typically used in industrial automation and control systems, making this vulnerability particularly concerning for operational technology (OT) networks where security controls may be less mature than in IT environments. The lack of CSRF protection suggests that the device’s web interface does not validate the origin or authenticity of requests, enabling attackers to trick users into executing harmful commands via crafted web pages or network requests.
Potential Impact
For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors that deploy Weidmueller IE-SR-2TX-WL devices, this vulnerability poses a significant risk. Exploitation could lead to unauthorized control over industrial equipment, resulting in operational disruptions, safety hazards, and potential physical damage. The ability to execute commands as root could allow attackers to alter device configurations, disable security controls, or pivot within the network to compromise additional systems. Confidentiality breaches could expose sensitive operational data, while integrity violations could corrupt control logic or sensor readings, undermining trust in automated processes. Availability impacts could cause downtime or unsafe conditions, affecting production lines or critical services. Given the device’s role in OT environments, recovery and incident response may be complex and costly. Furthermore, regulatory compliance requirements in Europe, such as NIS2 Directive and GDPR, may impose additional obligations on organizations to manage and report such security incidents. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly once details are public.
Mitigation Recommendations
Organizations should immediately inventory their networks to identify any Weidmueller IE-SR-2TX-WL devices and assess their firmware versions. Since no patches are currently available, compensating controls are critical. These include isolating affected devices within segmented and monitored OT networks, restricting access to device management interfaces to trusted hosts and users only, and implementing strict network-level controls such as firewall rules and intrusion detection/prevention systems tuned to detect anomalous command patterns. User education is important to prevent inadvertent triggering of CSRF attacks, such as avoiding browsing untrusted websites from networks with access to these devices. Where possible, disable or restrict web interface access or replace it with more secure management methods. Organizations should engage with Weidmueller to obtain timelines for patches or firmware updates and plan for prompt deployment once available. Regularly monitoring vendor advisories and threat intelligence feeds for exploit developments is also recommended. Finally, implementing multi-factor authentication and logging all administrative actions can help detect and mitigate potential exploitation attempts.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Sweden
CVE-2025-41661: CWE-352 Cross-Site Request Forgery (CSRF) in Weidmueller IE-SR-2TX-WL
Description
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
AI-Powered Analysis
Technical Analysis
CVE-2025-41661 is a high-severity vulnerability identified in the Weidmueller IE-SR-2TX-WL industrial device. The vulnerability is classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness. Specifically, the device lacks adequate CSRF protection mechanisms, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This means that an attacker can craft malicious web requests that, when executed by a legitimate user’s browser or network context, cause the device to perform unauthorized actions at the highest privilege level without requiring authentication. The CVSS v3.1 score of 8.8 reflects the critical nature of the vulnerability, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is required (UI:R). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), indicating that exploitation could lead to full system compromise, data leakage, and service disruption. The vulnerability affects version 0 of the product, which likely refers to initial or current firmware versions. No patches or known exploits are currently documented, but the potential for exploitation remains significant given the device’s role in industrial environments. The IE-SR-2TX-WL is typically used in industrial automation and control systems, making this vulnerability particularly concerning for operational technology (OT) networks where security controls may be less mature than in IT environments. The lack of CSRF protection suggests that the device’s web interface does not validate the origin or authenticity of requests, enabling attackers to trick users into executing harmful commands via crafted web pages or network requests.
Potential Impact
For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors that deploy Weidmueller IE-SR-2TX-WL devices, this vulnerability poses a significant risk. Exploitation could lead to unauthorized control over industrial equipment, resulting in operational disruptions, safety hazards, and potential physical damage. The ability to execute commands as root could allow attackers to alter device configurations, disable security controls, or pivot within the network to compromise additional systems. Confidentiality breaches could expose sensitive operational data, while integrity violations could corrupt control logic or sensor readings, undermining trust in automated processes. Availability impacts could cause downtime or unsafe conditions, affecting production lines or critical services. Given the device’s role in OT environments, recovery and incident response may be complex and costly. Furthermore, regulatory compliance requirements in Europe, such as NIS2 Directive and GDPR, may impose additional obligations on organizations to manage and report such security incidents. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly once details are public.
Mitigation Recommendations
Organizations should immediately inventory their networks to identify any Weidmueller IE-SR-2TX-WL devices and assess their firmware versions. Since no patches are currently available, compensating controls are critical. These include isolating affected devices within segmented and monitored OT networks, restricting access to device management interfaces to trusted hosts and users only, and implementing strict network-level controls such as firewall rules and intrusion detection/prevention systems tuned to detect anomalous command patterns. User education is important to prevent inadvertent triggering of CSRF attacks, such as avoiding browsing untrusted websites from networks with access to these devices. Where possible, disable or restrict web interface access or replace it with more secure management methods. Organizations should engage with Weidmueller to obtain timelines for patches or firmware updates and plan for prompt deployment once available. Regularly monitoring vendor advisories and threat intelligence feeds for exploit developments is also recommended. Finally, implementing multi-factor authentication and logging all administrative actions can help detect and mitigate potential exploitation attempts.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- CERTVDE
- Date Reserved
- 2025-04-16T11:17:48.307Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68493ca3cacb3d99bea60342
Added to database: 6/11/2025, 8:21:55 AM
Last enriched: 7/31/2025, 1:05:47 AM
Last updated: 8/18/2025, 1:22:23 AM
Views: 23
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.