
CVE-2025-41674: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MB connect line mbNET.mini

High
Published: Mon Jul 21 2025 (07/21/2025, 09:29:43 UTC)
Source: CVE Database V5
Vendor/Project: MB connect line
Product: mbNET.mini

Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

AI-Powered Analysis

Last updated: 07/21/2025, 10:01:23 UTC

Technical Analysis

CVE-2025-41674 is a high-severity vulnerability classified under CWE-78, which pertains to improper neutralization of special elements used in OS commands, commonly known as OS Command Injection. This vulnerability affects the MB connect line product mbNET.mini. The flaw arises from insufficient sanitization of input parameters in the diagnostic action endpoint, which processes POST requests. A remote attacker with high privileges can exploit this vulnerability by injecting arbitrary system commands through specially crafted POST requests. Because the vulnerability allows execution of arbitrary commands on the underlying operating system, it compromises the confidentiality, integrity, and availability of the affected system. The CVSS v3.1 base score is 7.2, indicating a high severity level. The vector string (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges and no user interaction. Successful exploitation can lead to full system compromise, data theft, manipulation, or service disruption. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that mitigation may require vendor updates or configuration changes once available. The vulnerability was reserved in April 2025 and published in July 2025, indicating recent discovery and disclosure. Given the nature of mbNET.mini as an industrial communication device used in automation and remote access scenarios, this vulnerability poses a significant risk to operational technology environments where these devices are deployed.

Potential Impact

For European organizations, especially those in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability presents a substantial threat. The mbNET.mini devices are commonly used for secure remote access and monitoring of industrial control systems (ICS). Exploitation could allow attackers to execute arbitrary commands on these devices, potentially leading to unauthorized control over industrial processes, data exfiltration, or disruption of critical services. This could result in operational downtime, safety hazards, financial losses, and regulatory non-compliance under frameworks like NIS2 and GDPR if sensitive data is compromised. The requirement for high privileges to exploit the vulnerability means that attackers would likely need to first gain elevated access, possibly through credential compromise or insider threats, but once achieved, the impact is severe. The lack of user interaction lowers the barrier for automated exploitation in targeted attacks. European organizations with extensive OT networks and reliance on MB connect line products should prioritize assessment and mitigation to prevent potential sabotage or espionage activities.

Mitigation Recommendations

1. Immediate mitigation should include restricting network access to the diagnostic POST endpoint to trusted administrators only, ideally via network segmentation and firewall rules.
2. Implement strict access controls and multi-factor authentication to reduce the risk of privilege escalation that would enable exploitation.
3. Monitor network traffic and device logs for unusual POST requests or command execution patterns indicative of exploitation attempts.
4. Apply vendor patches or firmware updates as soon as they become available; coordinate with MB connect line support for timelines and advisories.
5. Conduct thorough security audits of all mbNET.mini devices in the environment to identify and remediate any unauthorized access or configuration weaknesses.
6. Employ application-layer filtering or web application firewalls (WAFs) that can detect and block command injection payloads targeting the diagnostic interface.
7. Train operational staff on secure device management practices and incident response procedures specific to industrial communication devices.
8. Consider temporarily disabling or limiting diagnostic functionality if it is not essential, reducing the attack surface until a patch is applied.
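Added example for recommendations 3 and 6 (not code from the advisory or from MB connect line): a small detector that scans proxy or device access records for POSTs to the diagnostic endpoint whose form fields carry shell metacharacters, plus the positive allowlist check a handler or WAF rule should apply to a host argument instead. The log format, the `/diagnostic` path and the `host` parameter name are assumptions; the advisory does not name the real endpoint or parameters.

```python
import re
from urllib.parse import parse_qs

# Shell metacharacters that have no place in a value handed to a diagnostic
# command (command separators, pipes, backticks, $(...), redirects, line breaks).
SHELL_META = re.compile(r"[;&|`$<>\r\n]")

# Positive allowlist for the usual diagnostic argument: an IPv4 address or hostname.
VALID_HOST = re.compile(
    r"^(?:\d{1,3}(?:\.\d{1,3}){3}"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9-]{1,63})*)$"
)

# Hypothetical endpoint path; the advisory does not name the real diagnostic URL.
DIAG_PATH = "/diagnostic"


def is_valid_host(value: str) -> bool:
    """Allowlist check to apply before a value reaches any command builder."""
    return bool(VALID_HOST.match(value))


def suspicious_params(body: str) -> dict:
    """Map form field -> decoded value for every field containing shell metacharacters."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k: v for k, vals in fields.items() for v in vals if SHELL_META.search(v)}


def scan_log(lines) -> list:
    """Return (client_ip, param, value) for POSTs to the diagnostic path with metacharacters.

    Lines use a constructed 'client_ip METHOD path url-encoded-body' format.
    """
    hits = []
    for line in lines:
        try:
            ip, method, path, body = line.split(" ", 3)
        except ValueError:
            continue  # malformed record, skip
        if method != "POST" or not path.startswith(DIAG_PATH):
            continue
        for param, value in suspicious_params(body).items():
            hits.append((ip, param, value))
    return hits


# Constructed sample traffic, not captured from any real device.
SAMPLE_LOG = [
    "10.1.1.5 POST /diagnostic action=ping&host=192.0.2.10",
    "10.1.1.5 POST /diagnostic action=ping&host=192.0.2.10%3Bid",
    "10.1.1.7 GET /status -",
    "10.1.1.9 POST /diagnostic action=traceroute&host=%24(uname)",
]

if __name__ == "__main__":
    for ip, param, value in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip} param={param!r} value={value!r}")
```

The denylist regex is a detection aid only; the allowlist in `is_valid_host` is what the request handler should enforce, since a metacharacter list is never complete.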


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-04-16T11:17:48.308Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687e0c60a83201eaac0b1792

Added to database: 7/21/2025, 9:46:08 AM

Last enriched: 7/21/2025, 10:01:23 AM

Last updated: 8/10/2025, 11:51:09 AM
