CVE-2025-41730: Stack-based buffer overflow via unsafe sscanf in check_account()
Published Dec 10, 2025
·Updated
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
Affected Software
4 affected components
All of the following
WAGO 0852-1328 Firmware<02.64
WAGO 0852-1328
All of the following
WAGO 0852-1322 Firmware<02.64
WAGO 0852-1322
Event History
Dec 10, 2025
CVE Published
via MITRE·11:04 AM
Data Sourced
via MITRE·11:04 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·11:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-41730?
CVE-2025-41730 is considered a critical vulnerability due to its ability to allow unauthenticated remote attackers to compromise devices.
2
How do I fix CVE-2025-41730?
To mitigate CVE-2025-41730, update the firmware of affected WAGO devices to the latest version beyond 02.64.
3
What does CVE-2025-41730 affect?
CVE-2025-41730 affects WAGO 0852-1322 and WAGO 0852-1328 firmware versions up to 02.64.
4
What type of attack does CVE-2025-41730 involve?
CVE-2025-41730 involves remote code execution through unsafe sscanf calls that allow arbitrary data writing into stack buffers.
5
Is authentication required to exploit CVE-2025-41730?
No, CVE-2025-41730 can be exploited by unauthenticated remote attackers.