CVE-2025-41451 - Vulnerability Details - OpenCVE

ReportizFlow

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Danfoss	Ak-sm8xxa Series

No data.

No data.

References

Link	Providers
https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview

History

Sun, 24 Aug 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Danfoss Danfoss ak-sm8xxa Series
Vendors & Products		Danfoss Danfoss ak-sm8xxa Series

Fri, 22 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 Aug 2025 03:00:00 +0000

Type	Values Removed	Values Added
Description		Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.
Title		Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series
Weaknesses		CWE-77
References		https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Danfoss

Published: 2025-08-22T02:40:46.216Z

Updated: 2025-08-22T11:25:28.640Z

Reserved: 2025-04-16T10:32:42.818Z

Link: CVE-2025-41451

Vulnrichment

Updated: 2025-08-22T10:59:58.245Z

NVD

Status : Awaiting Analysis

Published: 2025-08-22T03:15:29.980

Modified: 2025-08-22T18:08:51.663

Link: CVE-2025-41451

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41451", "assignerOrgId": "d7ff35af-cf88-454c-bab9-af60602f10f8", "state": "PUBLISHED", "assignerShortName": "Danfoss", "dateReserved": "2025-04-16T10:32:42.818Z", "datePublished": "2025-08-22T02:40:46.216Z", "dateUpdated": "2025-08-22T11:25:28.640Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AK-SM8xxA Series", "vendor": "Danfoss", "versions": [{"lessThan": "4.3.1", "status": "affected", "version": "0", "versionType": "cpe"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system."}], "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series\u00a0prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d7ff35af-cf88-454c-bab9-af60602f10f8", "shortName": "Danfoss", "dateUpdated": "2025-08-22T02:40:46.216Z"}, "references": [{"url": "https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview"}], "source": {"discovery": "EXTERNAL"}, "title": "Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-22T10:59:49.161150Z", "id": "CVE-2025-41451", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T11:25:28.640Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41451", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-22T10:59:49.161150Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T10:59:58.245Z"}}], "cna": {"title": "Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Danfoss", "product": "AK-SM8xxA Series", "versions": [{"status": "affected", "version": "0", "lessThan": "4.3.1", "versionType": "cpe"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series\u00a0prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.", "supportingMedia": [{"type": "text/html", "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "d7ff35af-cf88-454c-bab9-af60602f10f8", "shortName": "Danfoss", "dateUpdated": "2025-08-22T02:40:46.216Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41451", "state": "PUBLISHED", "dateUpdated": "2025-08-22T11:25:28.640Z", "dateReserved": "2025-04-16T10:32:42.818Z", "assignerOrgId": "d7ff35af-cf88-454c-bab9-af60602f10f8", "datePublished": "2025-08-22T02:40:46.216Z", "assignerShortName": "Danfoss"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series\u00a0prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de los campos de configuraci\u00f3n de alarma a correo utilizados en un comando de shell del sistema operativo ('Inyecci\u00f3n de comando') en Danfoss AK-SM8xxA Series anterior a la versi\u00f3n 4.3.1, lo que conduce a una posible ejecuci\u00f3n de c\u00f3digo remoto autenticado posteriormente en un sistema atacado."}], "id": "CVE-2025-41451", "lastModified": "2025-08-22T18:08:51.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "d7ff35af-cf88-454c-bab9-af60602f10f8", "type": "Secondary"}]}, "published": "2025-08-22T03:15:29.980", "references": [{"source": "d7ff35af-cf88-454c-bab9-af60602f10f8", "url": "https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview"}], "sourceIdentifier": "d7ff35af-cf88-454c-bab9-af60602f10f8", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "d7ff35af-cf88-454c-bab9-af60602f10f8", "type": "Secondary"}]}