{ "document": { "acknowledgments": [ { "organization": "CERT@VDE", "summary": "coordination", "urls": [ "https://certvde.com" ] }, { "names": [ "Peter Husted Simonsen", "Irwin Przeperski" ], "organization": "Eviden", "summary": "reporting" } ], "aggregate_severity": { "namespace": "https://mbconnectline.com", "text": "critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en-GB", "notes": [ { "category": "summary", "text": "Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration an password bypass.", "title": "Summary" }, { "category": "description", "text": "CVE-2025-3091: An attacker in possession of the second factor for an user can login as that user without knowledge of the password (first factor)\n\nCVE-2025-3092: An unprotected endpoint can by used to enumerate valid user names.", "title": "Impact" }, { "category": "description", "text": "CVE-2025-3091: Update to latest version: 2.16.5\n\nCVE-2025-3092: Update to latest version: 2.18.0", "title": "Remediation" }, { "category": "general", "text": "Always use the latest available firmware version on all devices.", "title": "General Recommendation" } ], "publisher": { "category": "vendor", "contact_details": "security-team@mbconnectline.de", "name": "MB connect line GmbH", "namespace": "https://mbconnectline.com" }, "references": [ { "category": "external", "summary": "MB connect line GmbH Advisories", "url": "https://mbconnectline.com/security-advice" }, { "category": "external", "summary": "CERT@VDE Security Advisories for MB connect line GmbH", "url": "https://certvde.com/en/advisories/vendor/mbconnectline" }, { "category": "self", "summary": "VDE-2025-035: Vulnerabilities in mbCONNECT24/mymbCONNECT24 - HTML", "url": "https://certvde.com/en/advisories/VDE-2025-035" }, { "category": "self", "summary": "VDE-2025-035: Vulnerabilities in mbCONNECT24/mymbCONNECT24 - CSAF", "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-035.json" } ], "title": "Vulnerabilities in mbCONNECT24/mymbCONNECT24", "tracking": { "aliases": [ "VDE-2025-035" ], "current_release_date": "2025-06-24T10:00:00.000Z", "generator": { "date": "2025-06-16T07:15:43.019Z", "engine": { "name": "Secvisogram", "version": "2.5.26" } }, "id": "VDE-2025-035", "initial_release_date": "2025-06-24T10:00:00.000Z", "revision_history": [ { "date": "2025-06-24T10:00:00.000Z", "number": "1", "summary": "Initial revision." } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "mbCONNECT24", "product": { "name": "mbCONNECT24", "product_id": "CSAFPID-11001" } }, { "category": "product_name", "name": "mymbCONNECT24", "product": { "name": "mymbCONNECT24", "product_id": "CSAFPID-11002" } } ], "category": "product_family", "name": "mbCONNECT24" } ], "category": "product_family", "name": "Hardware" }, { "branches": [ { "category": "product_version", "name": "2.18.0", "product": { "name": "Firmware 2.18.0", "product_id": "CSAFPID-22001" } }, { "category": "product_version_range", "name": "<2.18.0", "product": { "name": "Firmware <2.18.0", "product_id": "CSAFPID-21002" } }, { "category": "product_version", "name": "2.16.5", "product": { "name": "Firmware 2.16.5", "product_id": "CSAFPID-22003" } }, { "category": "product_version_range", "name": "<2.16.5", "product": { "name": "Firmware <2.16.5", "product_id": "CSAFPID-22004" } } ], "category": "product_family", "name": "Firmware" } ], "category": "vendor", "name": "MB connect line GmbH" } ], "product_groups": [ { "group_id": "CSAFGID-0001", "product_ids": [ "CSAFPID-31001", "CSAFPID-31002", "CSAFPID-33001", "CSAFPID-33002" ], "summary": "Affected products." }, { "group_id": "CSAFGID-0002", "product_ids": [ "CSAFPID-32001", "CSAFPID-32002", "CSAFPID-34001", "CSAFPID-34002" ], "summary": "Fixed products." } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "Firmware <2.16.5 installed on mbCONNECT24", "product_id": "CSAFPID-31001" }, "product_reference": "CSAFPID-22004", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <2.16.5 installed on mymbCONNECT24", "product_id": "CSAFPID-31002" }, "product_reference": "CSAFPID-22004", "relates_to_product_reference": "CSAFPID-11002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 2.16.5 installed on mbCONNECT24", "product_id": "CSAFPID-32001" }, "product_reference": "CSAFPID-22003", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 2.16.5 installed on mymbCONNECT24", "product_id": "CSAFPID-32002" }, "product_reference": "CSAFPID-22003", "relates_to_product_reference": "CSAFPID-11002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <2.18.0 installed on mbCONNECT24", "product_id": "CSAFPID-33001" }, "product_reference": "CSAFPID-21002", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <2.18.0 installed on mymbCONNECT24", "product_id": "CSAFPID-33002" }, "product_reference": "CSAFPID-21002", "relates_to_product_reference": "CSAFPID-11002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 2.18.0 installed on mbCONNECT24", "product_id": "CSAFPID-34001" }, "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 2.18.0 installed on mymbCONNECT24", "product_id": "CSAFPID-34002" }, "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11002" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-3091", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "notes": [ { "audience": "all", "category": "description", "text": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.", "title": "Vulnerability Description" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002" ], "known_affected": [ "CSAFPID-31001", "CSAFPID-31002" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update to latest version: 2.16.5", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "CVE-2025-3091" }, { "cve": "CVE-2025-3092", "cwe": { "id": "CWE-204", "name": "Observable Response Discrepancy" }, "notes": [ { "audience": "all", "category": "description", "text": "An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.", "title": "Vulnerability Description" } ], "product_status": { "fixed": [ "CSAFPID-34001", "CSAFPID-34002" ], "known_affected": [ "CSAFPID-33001", "CSAFPID-33002" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update to latest version: 2.18.0", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-33001", "CSAFPID-33002" ] } ], "title": "CVE-2025-3092" } ] }