Vulnerability in Pilz Industrialpi 4 With Webstatus

CVE-2025-41648

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

EPSS: 0.007 (48.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-41648?
CVE-2025-41648 is a critical-severity vulnerability in Pilz Industrialpi 4 With Webstatus, classified under Incorrect Type Conversion or Cast. CVSS score: 9.8/10. Published 2025-07-01.
How severe is CVE-2025-41648?
Critical severity. CVSS v3 base score is 9.8 out of 10.