CVE-2025-41731

Summary

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.

Affected Software

VendorProductVersion RangeStatus
JumovariTRON3000.0.0.0 < 9.0.2.5affected
JumovariTRON5000.0.0.0 < 9.0.2.5affected
JumovariTRON500 touch0.0.0.0 < 9.0.2.5affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References