
CVE-2025-41678: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MB connect line mbNET.mini

Severity: Medium
Tags: Vulnerability, CVE-2025-41678, cve, cve-2025-41678, cwe-89
Published: Mon Jul 21 2025 (07/21/2025, 09:30:44 UTC)
Source: CVE Database V5
Vendor/Project: MB connect line
Product: mbNET.mini

Description

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.

AI-Powered Analysis

Last updated: 11/04/2025, 01:50:42 UTC

Technical Analysis

CVE-2025-41678 is an SQL Injection vulnerability identified in the MB connect line mbNET.mini device, a product commonly used in industrial network communications. The vulnerability arises from improper neutralization of special elements in SQL commands within the device’s configuration database interface. Specifically, the device processes POST requests that can contain maliciously crafted input, which is not adequately sanitized before being incorporated into SQL statements. This flaw allows a remote attacker with high privileges to manipulate the configuration database, potentially altering device settings or injecting malicious configurations. The vulnerability does not require user interaction but does require the attacker to have elevated privileges, which implies prior access or credential compromise. The CVSS v3.1 score is 6.5 (medium severity), reflecting the network attack vector, low attack complexity, required high privileges, and the impact on integrity and availability but no impact on confidentiality. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to operational technology environments where mbNET.mini devices are deployed. The lack of available patches at the time of publication increases the urgency for interim mitigations. The vulnerability is cataloged under CWE-89, which is a common and well-understood class of injection flaws that can lead to severe consequences if exploited in critical infrastructure devices.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability could lead to unauthorized modification of device configurations, potentially disrupting network communications or causing operational failures. The integrity of the configuration database is critical for device stability and security; unauthorized changes could result in denial of service or facilitate further attacks within the network. Given the device’s role in industrial environments, exploitation could impact production lines, safety systems, or data flows, leading to financial losses and safety risks. The medium severity rating reflects the requirement for high privileges, which somewhat limits the attack surface but does not eliminate risk, particularly if credential theft or insider threats are present. The absence of known exploits reduces immediate risk but does not preclude targeted attacks. European organizations relying on mbNET.mini devices should consider this vulnerability a significant operational risk, especially in sectors where device availability and integrity are paramount.

Mitigation Recommendations

1. Immediately restrict remote access to mbNET.mini devices to trusted networks and users only, employing network segmentation and firewall rules to limit exposure.
2. Implement strong authentication and credential management practices to prevent unauthorized privilege escalation.
3. Monitor and log POST requests to the device’s configuration interface for unusual or malformed inputs indicative of injection attempts.
4. Deploy intrusion detection or prevention systems capable of identifying SQL injection patterns targeting industrial devices.
5. Engage with MB connect line vendor support to obtain patches or firmware updates as soon as they become available and apply them promptly.
6. Conduct regular security audits and penetration tests focusing on industrial control system components to identify and remediate similar vulnerabilities.
7. Educate operational technology staff on the risks of SQL injection and the importance of secure configuration management.
8. Consider implementing application-layer gateways or proxies that sanitize inputs before they reach the device if immediate patching is not feasible.
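For recommendations 3 and 8, a gateway in front of the configuration interface can enforce a per-field allowlist and log every rejection. This is an added sketch, not vendor code: the field names and formats are hypothetical, because the page does not document the device's actual POST parameters.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical field names and formats (assumption): replace with the
# parameters observed on your own device's configuration interface.
ALLOWED_FIELDS = {
    "hostname": re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}"),
    "ntp_server": re.compile(r"[A-Za-z0-9.-]{1,253}"),
    "dhcp": re.compile(r"[01]"),
    "mtu": re.compile(r"[0-9]{3,4}"),
}

def check_post_body(body):
    """Return (allowed, reasons) for a form-encoded POST body.

    Validation runs on the percent-decoded values, so encoded quotes or
    comment markers are judged in the form the device would see them.
    """
    try:
        pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return False, ["malformed form body"]
    reasons = []
    seen = set()
    for name, value in pairs:
        pattern = ALLOWED_FIELDS.get(name)
        if pattern is None:
            reasons.append(f"unknown field {name!r}")
        elif name in seen:
            # Duplicates are rejected: proxy and device may disagree on
            # which copy of a repeated parameter wins.
            reasons.append(f"duplicate field {name!r}")
        elif not pattern.fullmatch(value):
            reasons.append(f"value of {name!r} outside allowed format")
        seen.add(name)
    return (not reasons), reasons

# Constructed sample bodies for illustration; not captured traffic.
SAMPLES = [
    "hostname=gw-01&dhcp=1&mtu=1500",
    "hostname=gw-01%27--&dhcp=1",
    "hostname=gw-01&debug=1",
    "dhcp=1&dhcp=0",
]

if __name__ == "__main__":
    for body in SAMPLES:
        allowed, reasons = check_post_body(body)
        print("ALLOW" if allowed else "BLOCK", body, reasons)
```

An allowlist of this kind narrows what reaches the device and gives the monitoring in recommendation 3 a concrete rejection log; it does not replace the firmware fix in recommendation 5.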


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-04-16T11:17:48.308Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 687e0c60a83201eaac0b179e

Added to database: 7/21/2025, 9:46:08 AM

Last enriched: 11/4/2025, 1:50:42 AM

Last updated: 12/5/2025, 11:46:49 AM
