Vulnerabilities related to Auma - AC1.2
CVE-2025-41657 (GCVE-0-2025-41657)
Vulnerability from cvelistv5
Published
2025-06-10 10:46
Modified
2025-06-10 14:25
Severity: 4.3 (MEDIUM), CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
- CWE-207 - Observable Behavioral Discrepancy With Equivalent Products
Summary
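Due to an undocumented, active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker. The affected range is a delivery-date window (written day.month.year), not a firmware version range, even though the record below labels it "semver". Asset owners should therefore match AC1.2 and PROFOX units by delivery date and check the Bluetooth configuration on each.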
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41657", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-10T14:25:31.913039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-10T14:25:52.710Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AC1.2", "vendor": "Auma", "versions": [ { "lessThan": "09.05.2025", "status": "affected", "version": "01.01.2024", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PROFOX", "vendor": "Auma", "versions": [ { "lessThan": "09.05.2025", "status": "affected", "version": "01.01.2024", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker." } ], "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-207", "description": "CWE-207 Observable Behavioral Discrepancy With Equivalent Products", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T10:46:30.034Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://certvde.com/en/advisories/VDE-2025-047" } ], "source": { "advisory": "VDE-2025-047", "defect": [ "CERT@VDE#641788" ], "discovery": "UNKNOWN" }, "title": "AUMA: Incorrect delivery status of the Bluetooth configuration", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-41657", "datePublished": "2025-06-10T10:46:30.034Z", "dateReserved": "2025-04-16T11:17:48.306Z", "dateUpdated": "2025-06-10T14:25:52.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }