Vulnerability Details CVE-2025-41736
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.3%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-41736
-
cpe:2.3:h:metz-connect:ewio2-bm:-
-
cpe:2.3:h:metz-connect:ewio2-m-bm:-
-
cpe:2.3:h:metz-connect:ewio2-m:-
-
cpe:2.3:o:metz-connect:ewio2-bm_firmware:*
-
cpe:2.3:o:metz-connect:ewio2-m-bm_firmware:*
-
cpe:2.3:o:metz-connect:ewio2-m_firmware:*