CVE-2025-41720 | Sauter EY-modulo 5 ecos 5 ecos505 up to 3.1.x Webserver API reliance on file name or extension of externally-supplied file (vde-2025-060)

A vulnerability described as critical has been identified in Sauter Modulo 6 Devices modu680-AS, Modulo 6 Devices modu660-AS, Modulo 6 Devices modu612-LC, EY-modulo 5 modu 5 modu524, EY-modulo 5 modu 5 modu525, EY-modulo 5 ecos 5 ecos504 and EY-modulo 5 ecos 5 ecos505 up to 3.1.x. The impacted element is an unknown function of the component Webserver API. The manipulation results in reliance on file name or extension of externally-supplied file.

This vulnerability is reported as CVE-2025-41720. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More