
CVE-2025-41673: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MB connect line mbNET.mini

High
Published: Mon Jul 21 2025 (07/21/2025, 09:29:32 UTC)
Source: CVE Database V5
Vendor/Project: MB connect line
Product: mbNET.mini

Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.

AI-Powered Analysis

Last updated: 11/04/2025, 01:49:36 UTC

Technical Analysis

CVE-2025-41673 identifies an OS command injection vulnerability (CWE-78) in the mbNET.mini product from MB connect line. The vulnerability exists in the handling of POST requests to the send_sms action, where user-supplied input is improperly sanitized before being incorporated into operating system commands. This improper neutralization of special characters allows a remote attacker with high privileges to inject arbitrary commands that the system executes with the same privileges as the vulnerable service. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), but demands high privileges (PR:H) and no user interaction (UI:N). The vulnerability affects all versions listed as 0.0.0, indicating it may be present in initial or early releases. The impact is severe, compromising confidentiality, integrity, and availability of the affected device and potentially the network it controls. The mbNET.mini is typically used in industrial automation and remote monitoring, making this vulnerability critical for operational technology environments. No patches or known exploits are currently available, but the risk remains significant due to the nature of the flaw and the privileged access required.

Potential Impact

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized command execution on mbNET.mini devices, potentially disrupting industrial processes, causing data breaches, or enabling lateral movement within networks. The high privileges required mean that attackers who have already gained elevated access can leverage this flaw to escalate control or sabotage operations. Given the widespread use of MB connect line products in European industrial environments, the vulnerability could impact operational continuity, safety systems, and sensitive data confidentiality. The lack of known exploits currently provides a window for proactive mitigation, but the potential for severe operational disruption and data compromise is significant.

Mitigation Recommendations

Organizations should immediately inventory their deployments of mbNET.mini devices and restrict network access to management interfaces to trusted administrators only. Since no patches are currently available, disabling or restricting the send_sms functionality, if feasible, can reduce exposure. Implement strict input validation and sanitization on any interfaces interacting with mbNET.mini devices. Employ network segmentation to isolate vulnerable devices from critical systems and monitor network traffic for anomalous POST requests targeting the send_sms action. Use multi-factor authentication and limit high-privilege accounts to reduce the risk of privilege abuse. Maintain up-to-date backups and incident response plans tailored to industrial control systems. Monitor vendor communications closely for forthcoming patches or updates addressing this vulnerability.
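One way to implement the monitoring step above, as an added example that is not part of the original advisory or of any vendor tooling. The log layout, the `/placeholder` path, the `action`, `number` and `text` field names and the form-encoded body are assumptions, since the page does not document the device's request format; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Characters and sequences a shell treats specially. A hit is a reason to
# review the request, not proof of an attack (SMS text can contain "&").
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

# Constructed sample log. Assumed layout per line:
#   timestamp source-ip user method path form-encoded-body
# "/placeholder" and the parameter names are assumptions, not device docs.
SAMPLE_LOG = """\
2025-07-21T09:40:01Z 10.0.5.20 admin POST /placeholder action=send_sms&number=%2B491700000000&text=Pump+3+alarm+cleared
2025-07-21T09:41:17Z 10.0.5.77 admin POST /placeholder action=send_sms&number=%2B491700000000&text=test%3BCMD
2025-07-21T09:42:03Z 10.0.5.20 admin POST /placeholder action=get_status
2025-07-21T09:43:55Z 10.0.5.77 admin POST /placeholder action=send_sms&number=123%24%28CMD%29&text=hello
2025-07-21T09:44:10Z 10.0.5.20 admin GET /placeholder -
"""


def suspicious_send_sms(log_text):
    """Return (timestamp, source, field, matched tokens) for flagged requests."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 5)
        if len(parts) != 6:
            continue  # malformed or truncated line
        ts, src, _user, method, _path, body = parts
        if method != "POST":
            continue
        # parse_qsl percent-decodes, so encoded metacharacters are seen too
        fields = parse_qsl(body, keep_blank_values=True)
        if ("action", "send_sms") not in fields:
            continue
        for name, value in fields:
            hits = sorted(set(SHELL_META.findall(value)))
            if name != "action" and hits:
                findings.append((ts, src, name, hits))
    return findings


if __name__ == "__main__":
    for finding in suspicious_send_sms(SAMPLE_LOG):
        print(finding)
```

Because the flaw requires high privileges, flagged requests are also worth correlating with which administrator account and source address issued them.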


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-04-16T11:17:48.308Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 687e0c5fa83201eaac0b178b

Added to database: 7/21/2025, 9:46:07 AM

Last enriched: 11/4/2025, 1:49:36 AM

Last updated: 11/14/2025, 8:33:25 AM
