CVE-2025-41732: Stack-based buffer overflow via unsafe sscanf in check_cookie()
Published Dec 10, 2025
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers, leading to full device compromise.
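The bug class named above (an sscanf conversion with no field width copying attacker-controlled input into a fixed-size stack buffer) and the mitigation, as an added example that is not WAGO's code and is not taken from this advisory; the cookie name, buffer size and function names are hypothetical:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer: room for VAL_WIDTH bytes plus NUL. */
#define VAL_WIDTH 63
#define STR_(x) #x
#define STR(x) STR_(x)

/* Vulnerable pattern (not compiled here): sscanf(hdr, "session=%s", buf)
 * copies as many bytes as the client sends into buf, overflowing the stack
 * frame when the value is longer than the buffer. */

/* Hardened parser: copies at most VAL_WIDTH bytes via an explicit field
 * width, then uses %n to detect that the value was cut short (truncation
 * means the client sent more than the buffer can hold, so reject it).
 * Returns 1 and fills out on success, 0 on malformed or over-long input. */
int parse_session_cookie(const char *hdr, char *out, size_t out_len)
{
    char buf[VAL_WIDTH + 1];
    int consumed = 0;

    if (hdr == NULL || out == NULL)
        return 0;
    /* Width is generated from VAL_WIDTH so buffer and format cannot drift. */
    if (sscanf(hdr, "session=%" STR(VAL_WIDTH) "[^;]%n", buf, &consumed) != 1)
        return 0;
    /* A well-formed value ends at ';' or at end of header; anything else
     * means the scanset stopped only because the width limit was reached. */
    if (hdr[consumed] != '\0' && hdr[consumed] != ';')
        return 0;
    if (strlen(buf) + 1 > out_len)
        return 0;
    memcpy(out, buf, strlen(buf) + 1);
    return 1;
}

/* Constructed over-long header (200 'A's) to show the reject path. */
int overlong_cookie_rejected(void)
{
    char hdr[256] = "session=";
    char out[VAL_WIDTH + 1];
    memset(hdr + 8, 'A', 200);
    hdr[208] = '\0';
    return parse_session_cookie(hdr, out, sizeof out) == 0;
}
```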
Affected Software
4 affected components:
- WAGO 0852-1328 Firmware < 02.64 (WAGO 0852-1328)
- WAGO 0852-1322 Firmware < 02.64 (WAGO 0852-1322)
Event History
Dec 10, 2025
- CVE Published via MITRE, 11:04 AM
- Data Sourced via MITRE, 11:04 AM (Description, Severity, Weakness)
- Data Sourced via NVD, 11:15 AM (Description, Severity, Weakness, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2025-41732?
CVE-2025-41732 has a high severity rating due to the potential for full device compromise from an unauthenticated remote attacker.
2. How do I fix CVE-2025-41732?
To resolve CVE-2025-41732, update the WAGO 0852-1328 or 0852-1322 firmware to a version later than 02.64.
3. What are the affected products of CVE-2025-41732?
CVE-2025-41732 affects WAGO 0852-1328 and 0852-1322 firmware versions up to 02.64.
4. Can CVE-2025-41732 be exploited locally?
CVE-2025-41732 cannot be exploited locally as it requires unauthenticated remote access.
5. What impact does CVE-2025-41732 have on device security?
CVE-2025-41732 allows attackers to write arbitrary data into fixed-size stack buffers, potentially leading to full device compromise.