CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases

VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution Builder, software widely used for industrial automation and device management. The flaws, tracked as CVE-2025-41715 and CVE-2025-41716, could expose sensitive data, compromise databases, and enable targeted attacks if left unpatched.

The most severe vulnerability, CVE-2025-41715, carries a CVSS score of 9.8 and stems from a missing authentication check. According to the advisory, “The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.”

Such access could enable attackers to read, manipulate, or delete records within the database, potentially leading to data loss, theft, or full application compromise.

A second flaw, CVE-2025-41716, rated at CVSS 5.3, allows unauthenticated attackers to enumerate users and their roles. The advisory explains, “The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.”

This exposure can facilitate brute-force attacks, credential stuffing, or social engineering campaigns specifically aimed at privileged accounts.
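The weakness behind CVE-2025-41716 is the generic "missing authentication for critical function" pattern: a route that returns account names and roles is reachable before any session check runs. The following is an added illustration, not WAGO's code and not derived from the advisory; it models a minimal web handler with constructed sample users (`admin`, `op1`), a hypothetical in-memory session store, and a `Request`/`Response` pair standing in for a real framework. It places the vulnerable handler beside a hardened one that authenticates the caller and then checks the role before serving the listing.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (hypothetical, not from the WAGO products):
# two accounts with their roles and PBKDF2 password hashes.
_SALT = b"constructed-demo-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {
    "admin": {"role": "Administrator", "pw": _hash_password("admin-pass")},
    "op1":   {"role": "Operator",      "pw": _hash_password("op1-pass")},
}

# Hypothetical session store: bearer token -> username.
SESSIONS: dict = {}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: object = None


def login(username: str, password: str) -> Optional[str]:
    """Return a fresh session token on success, None on failure."""
    user = USERS.get(username)
    if user is None:
        return None
    # Constant-time comparison so the check does not leak hash bytes via timing.
    if not hmac.compare_digest(_hash_password(password), user["pw"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def _current_user(req: Request) -> Optional[str]:
    """Resolve the caller from a 'Authorization: Bearer <token>' header."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def _user_listing() -> list:
    # This is the sensitive data: every account name with its role.
    return [{"username": u, "role": d["role"]} for u, d in USERS.items()]


def handle_vulnerable(req: Request) -> Response:
    """CWE-306 pattern: the user/role listing is served to any caller,
    so an unauthenticated request enumerates accounts and roles."""
    if req.path == "/api/users":
        return Response(200, _user_listing())
    return Response(404)


def handle_hardened(req: Request) -> Response:
    """Same route, but authentication and an authorization check run
    before any account data is assembled or returned."""
    if req.path != "/api/users":
        return Response(404)
    user = _current_user(req)
    if user is None:
        return Response(401)          # no valid session: nothing is disclosed
    if USERS[user]["role"] != "Administrator":
        return Response(403)          # authenticated, but not entitled to the list
    return Response(200, _user_listing())
```

The point of the hardened handler is ordering: the session lookup and the role check both precede `_user_listing()`, so an anonymous request learns only that authentication is required, and an authenticated low-privilege account learns nothing about other users. Checking for this ordering on every data-returning route is the review step that catches this class of bug before it ships.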

Together, these vulnerabilities could provide attackers with a clear path to initial compromise and privilege escalation within environments where WAGO software is deployed. As the advisory warns, “Exposing database credentials gives attackers direct database access, leading to data loss, theft or manipulation. Exposing user accounts and roles facilitates targeted attacks like brute-force or social engineering, increasing the risk of compromising privileged accounts.”

VDE CERT advises users to update to the latest secure versions immediately:

  • WAGO Device Sphere: upgrade to version 1.1.0 or later.
  • WAGO Solution Builder: upgrade to version 2.3.3 or later.

Organizations running earlier versions remain vulnerable and should prioritize patching as part of their security maintenance.
