
CVE-2025-41735: CWE-434 Unrestricted Upload of File with Dangerous Type in METZ CONNECT Energy-Controlling EWIO2-M

Severity: High
Tags: CVE-2025-41735, CWE-434
Published: Tue Nov 18 2025 (11/18/2025, 10:18:15 UTC)
Source: CVE Database V5
Vendor/Project: METZ CONNECT
Product: Energy-Controlling EWIO2-M

Description

A low-privileged remote attacker can upload any file to an arbitrary location due to a missing file check, resulting in remote code execution.

AI-Powered Analysis

AI analysis last updated: 11/18/2025, 10:44:58 UTC

Technical Analysis

CVE-2025-41735 is a vulnerability classified under CWE-434, indicating an Unrestricted Upload of File with Dangerous Type in the METZ CONNECT Energy-Controlling EWIO2-M device. The flaw arises from the device's failure to properly validate uploaded files, allowing a remote attacker with low privileges to upload arbitrary files to any location on the device. This lack of file type checking enables the attacker to place malicious payloads that can be executed remotely, resulting in full remote code execution (RCE). The vulnerability is exploitable over the network without user interaction and requires only low privileges, which significantly lowers the barrier for exploitation. The CVSS v3.1 score of 8.8 reflects the critical impact on confidentiality, integrity, and availability, as an attacker could fully compromise the device, potentially disrupting energy management operations. The affected version is listed as 0.0.0, which likely indicates all current versions prior to a patch are vulnerable. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be treated with urgency. The device is typically used in energy control environments, making it a high-value target for attackers aiming to disrupt industrial control systems or critical infrastructure.

Potential Impact

For European organizations, especially those in the energy sector, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized control over energy-controlling devices, potentially causing operational disruptions, data breaches, or sabotage of energy infrastructure. The confidentiality of operational data could be compromised, integrity of control commands altered, and availability of energy management systems disrupted, leading to cascading effects on dependent services and industries. Given Europe’s strong focus on energy security and the increasing digitization of industrial control systems, this vulnerability could be leveraged by threat actors to conduct espionage, sabotage, or ransomware attacks. Organizations relying on METZ CONNECT devices in critical infrastructure, manufacturing, or smart grid environments are particularly vulnerable. The lack of current patches increases the window of exposure, emphasizing the need for immediate risk mitigation.

Mitigation Recommendations

1. Immediately restrict network access to the EWIO2-M device management interfaces using firewalls and network segmentation to limit exposure to trusted administrators only.
2. Implement strict application-layer filtering or web application firewalls (WAFs) to detect and block malicious file uploads or unusual file types.
3. Monitor device logs and network traffic for signs of unauthorized upload attempts or anomalous behavior indicative of exploitation attempts.
4. Engage with METZ CONNECT for official patches or firmware updates and apply them as soon as they become available.
5. Employ multi-factor authentication and strong credential management to reduce the risk of low-privilege account compromise.
6. Conduct regular security audits and penetration testing focused on file upload functionalities and remote management interfaces.
7. Develop and test incident response plans specifically addressing potential compromises of energy-controlling devices.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned for industrial control system protocols and behaviors.
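As an added example (not METZ CONNECT code; the page does not describe the EWIO2-M's actual upload handler), this is the kind of server-side check whose absence CWE-434 describes: the client-supplied name is reduced to a bare, allowlisted file name, the content is checked against the type it claims, and the destination is confined to the upload root. The allowlist, the root path and the sample uploads are constructed for illustration.

```python
import os
from pathlib import Path

# Constructed allowlist: only the types the application actually needs,
# each with the leading bytes a genuine file of that type must carry
# (None = plain text, which is checked for embedded binary instead).
ALLOWED_TYPES = {
    ".csv": None,
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks below."""


def validate_upload(filename: str, content: bytes, upload_root: str) -> str:
    """Return the confined destination path for an upload or raise UploadRejected."""
    # 1. The name must be a bare file name: no directories, no traversal,
    #    no backslashes or NUL bytes, no hidden files.
    if not filename or filename != os.path.basename(filename):
        raise UploadRejected("path components in file name")
    if filename.startswith(".") or any(c in filename for c in "\\\x00"):
        raise UploadRejected("disallowed characters in file name")
    # 2. Exactly one extension, and it must be allowlisted (this also rejects
    #    double extensions such as report.php.png).
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        raise UploadRejected("expected exactly one extension")
    ext = "." + parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"type {ext} not allowed")
    # 3. The bytes must look like the type the name claims.
    magic = ALLOWED_TYPES[ext]
    if magic is not None and not content.startswith(magic):
        raise UploadRejected("content does not match extension")
    if magic is None and b"\x00" in content:
        raise UploadRejected("binary content in text upload")
    # 4. Defence in depth: the resolved destination must sit directly
    #    inside the upload root, whatever the name checks above missed.
    root = Path(upload_root).resolve()
    dest = (root / filename).resolve()
    if dest.parent != root:
        raise UploadRejected("destination escapes upload root")
    return str(dest)


def is_accepted(filename: str, content: bytes, upload_root: str) -> bool:
    """Boolean view of validate_upload, convenient for filtering or logging."""
    try:
        validate_upload(filename, content, upload_root)
        return True
    except UploadRejected:
        return False
```

Rejections should be logged with the submitting account and the offending name; repeated attempts from one low-privilege account are exactly the signal recommendation 3 above asks operators to watch for.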


Technical Details

Data Version
5.2
Assigner Short Name
CERTVDE
Date Reserved
2025-04-16T11:17:48.320Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 691c4a8a8ab8e3b58140670e

Added to database: 11/18/2025, 10:29:30 AM

Last enriched: 11/18/2025, 10:44:58 AM

Last updated: 11/18/2025, 9:07:40 PM
