CVE-2025-41672

Published Jul 7, 2025

Last updated 10 days ago

CVSS critical 10.0

Overview

Description
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
Source
info@cert.vde.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

info@cert.vde.com
CWE-1188

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ CVE-2025-41672 Critical JWT forgery in #WAGODeviceSphere (CVSS 10.0)! Default certs let attackers mint tokens & take full remote control of your devices. Upgrade to v1.0.1 now & replace default keys ๐Ÿ” ๐Ÿ“ฅ https://t.co/OZ1HZ3jKqk #CyberSecurity #InfoSec #Vulnera

    @BaseFortify

    7 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-41672 JWT Token Generation Vulnerability in Authentication Mechanism Enabling Unauthorized Access https://t.co/OVTm5HUUai

    @VulmonFeeds

    7 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ๐Ÿšจ CRITICAL: CVE-2025-41672 hits WAGO Device Sphere 1.0.0! Remote attackers can gain full control using default certs. Patch ASAP or isolate now! https://t.co/DA3dOUqznN #OffSeq #ICS #OTsecurity https://t.co/7sIF0lvMsk

    @offseq

    7 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-41672 A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. https://t.co/T6qB7mJIMU

    @CVEnew

    7 Jul 2025

    317 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-41672: CRITICAL] A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.#cve,CVE-2025-41672,#cybersecurity https://t.co/PD6yXh5urj https://t.co/Mhj2F9tie4

    @CveFindCom

    7 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.