CVE-2025-41715

Summary

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.

Affected Software

VendorProductVersion RangeStatus
WAGODevice Sphere0.0.0 < 1.1.0affected
WAGOSolution Builder0.0.0 < 2.3.3affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References