CVE-2025-41719 is a vulnerability classified under CWE-1286, indicating improper validation of syntactic correctness of input in Sauter modulo 6 devices modu680-AS. The flaw allows a remote attacker with low privileges to send a crafted sequence of unsupported characters to the device's webserver interface. This input is not properly validated, causing corruption of the user storage on the device. The consequence is the deletion of all previously configured user accounts and the automatic creation of a default Administrator account with a known default password. This effectively grants the attacker full administrative access to the device without needing further authentication or user interaction. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with network attack vector, low attack complexity, and no user interaction required. The vulnerability affects version 0.0.0 of the product, with no patch currently available. The device is typically used in building automation and industrial control systems, where secure user management is critical. The improper input validation represents a fundamental security design flaw, enabling privilege escalation and persistent unauthorized access. Although no exploits have been reported in the wild yet, the vulnerability's characteristics make it a prime target for attackers aiming to compromise critical infrastructure.

For European organizations, the impact of CVE-2025-41719 is significant, especially those relying on Sauter modulo 6 devices for building automation, HVAC control, and industrial process management. Successful exploitation leads to complete loss of user account integrity on the device, allowing attackers to gain persistent administrative control. This can result in unauthorized manipulation of device functions, disruption of building or industrial operations, data theft, and potential safety hazards. The default Administrator account with a known password facilitates lateral movement within networks and undermines trust in security controls. Given the critical role these devices play in infrastructure, the availability and reliability of services could be severely affected, causing operational downtime and financial losses. Additionally, regulatory compliance risks arise due to compromised security controls, potentially leading to penalties under GDPR and other European cybersecurity regulations. The vulnerability's remote exploitability without user interaction increases the likelihood of targeted attacks or automated scanning campaigns.

1. Immediate mitigation should focus on network-level protections: isolate Sauter modulo 6 devices within dedicated network segments with strict firewall rules limiting access to trusted management hosts only. 2. Implement VPN or other secure remote access solutions with multi-factor authentication to reduce exposure of device web interfaces to the internet or untrusted networks. 3. Monitor device logs and network traffic for unusual patterns indicative of exploitation attempts, such as repeated unsupported character sequences or sudden user account resets. 4. Engage with the vendor (Sauter) to obtain firmware updates or patches as soon as they are released; prioritize testing and deployment of these updates in production environments. 5. Change default credentials on all devices immediately and enforce strong password policies for all user accounts to reduce risk if the default Administrator account is recreated. 6. Conduct regular security audits and vulnerability assessments focusing on building automation and industrial control systems to identify and remediate similar weaknesses. 7. Develop incident response plans specific to industrial control system compromises to enable rapid containment and recovery if exploitation occurs.