CVE-2025-27454

Summary

The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request.

Affected Software

VendorProductVersion RangeStatus
Endress+HauserEndress+Hauser MEAC300-FNADE40 <= <=0.16.0affected
Endress+HauserEndress+Hauser MEAC300-FNADE4>=0.17.0unaffected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References