CVE-2025-41734 | Metz Connect Energy-Controlling EWIO2-M up to 2.1.x filename control (VDE-2025-097)

A vulnerability classified as very critical was found in Metz Connect Energy-Controlling EWIO2-M, Energy-Controlling EWIO2-M-BM and Ethernet-IO EWIO2-BM up to 2.1.x. This affects an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is referenced as CVE-2025-41734. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More