CVE-2025-41672: WAGO: Vulnerability in WAGO Device Sphere
Published Jul 7, 2025
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
Affected Software
1 affected component
WAGO Device Sphere
Event History
Jul 7, 2025
CVE Published
via MITRE·06:17 AM
Data Sourced
via MITRE·06:17 AM
Description, Severity, Weakness
Data Sourced
via NVD·07:15 AM
Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-41672?
CVE-2025-41672 is considered a critical vulnerability due to the potential for remote unauthenticated access.
2. How do I fix CVE-2025-41672?
To fix CVE-2025-41672, update your WAGO Device Sphere software to the latest version provided by the vendor.
3. Who is affected by CVE-2025-41672?
CVE-2025-41672 affects users of WAGO Device Sphere that utilize default certificates for JWT Token generation.
4. What impact does CVE-2025-41672 have on my system?
CVE-2025-41672 allows an attacker to gain full access to the tool and all connected devices, compromising system integrity.
5. Is it possible to exploit CVE-2025-41672 without authentication?
Yes, CVE-2025-41672 can be exploited by remote attackers without any authentication requirements.