CVE-2025-41653

{"id": "CVE-2025-41653", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-27T09:15:21.903", "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-044/", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-410"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede explotar una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad del servidor web del dispositivo enviando una solicitud HTTP especialmente manipulada con un encabezado malicioso, lo que podr\u00eda provocar que el servidor se bloquee o deje de responder."}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "info@cert.vde.com"}