Vulnerability in Janitza Umg 96rm-e 230v(5222062)
CVE-2025-41712
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.
EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Janitza Umg 96rm-e 230v(5222062) — versions 0.0
- Janitza Umg 96rm-e 24v(5222063) — versions 0.0
- Weidmueller Energy Meter 750-230 (2540910000) — versions 0.0
- Weidmueller Energy Meter 750-24 (2540900000) — versions 0.0
Weakness classification (CWE)
References
- certvde.com/en/advisories/VDE-2025-079/ (vendor-advisory)
- certvde.com/en/advisories/VDE-2025-096/ (vendor-advisory)
- janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json (vendor-advisory)
- weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json (vendor-advisory)
Frequently asked questions
- What is CVE-2025-41712?
- CVE-2025-41712 is a medium-severity vulnerability in Janitza Umg 96rm-e 230v(5222062), classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 6.5/10. Published 2026-03-10.
- How severe is CVE-2025-41712?
- Medium severity. CVSS v3 base score is 6.5 out of 10.