CVE-2025-41664 is a high-severity vulnerability identified in the WAGO Coupler 0750-0362, an industrial automation component widely used in control systems. The vulnerability stems from CWE-732, which involves incorrect permission assignment for critical resources. Specifically, the issue arises due to improper permission handling during the runtime of services such as FTP and SFTP. This misconfiguration allows a low-privileged remote attacker to gain unauthorized access to sensitive resources, including firmware and security certificates. Once accessed, the attacker can escalate privileges and potentially modify the firmware, which could lead to persistent compromise of the device. The vulnerability has a CVSS 3.1 base score of 7.5, indicating a high impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requiring low privileges (PR:L) but high attack complexity (AC:H), and no user interaction (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches have been published yet. This vulnerability is critical in the context of industrial control systems where firmware integrity and secure certificate management are paramount for operational safety and reliability.

For European organizations, especially those operating in critical infrastructure sectors such as energy, manufacturing, and utilities, this vulnerability poses a significant risk. Unauthorized access to firmware and certificates can lead to manipulation of device behavior, disruption of industrial processes, and potential safety hazards. Compromised firmware could enable attackers to create backdoors, disrupt communications, or cause physical damage through control system manipulation. The high impact on confidentiality, integrity, and availability means that sensitive operational data could be exposed or altered, leading to operational downtime and financial losses. Additionally, the lack of available patches increases the window of exposure. Given the increasing reliance on industrial automation in Europe and stringent regulatory requirements (e.g., NIS Directive), exploitation of this vulnerability could result in regulatory penalties and reputational damage.

Organizations should immediately conduct an inventory to identify the presence of WAGO Coupler 0750-0362 devices within their networks. Network segmentation should be enforced to isolate these devices from general IT networks and restrict access to trusted management hosts only. Access to FTP/SFTP services on these devices should be disabled if not strictly necessary or replaced with more secure transfer methods. Monitoring network traffic for unusual access patterns to these services can help detect potential exploitation attempts. Since no patches are currently available, applying compensating controls such as strict firewall rules, VPN access for management, and multi-factor authentication for administrative access is critical. Regular firmware integrity checks and certificate validation should be implemented to detect unauthorized modifications. Coordination with WAGO for timely patch releases and applying updates as soon as they become available is essential. Additionally, incident response plans should be updated to address potential firmware compromise scenarios.