Flaws in Weidmueller IE-SR-2TX Routers Allow Remote Root Access!

A recent coordinated security advisory issued by CERT@VDE and Weidmueller has disclosed three critical vulnerabilities affecting the IE-SR-2TX series of security routers, potentially allowing unauthenticated remote attackers to execute arbitrary commands with root privileges.

According to the advisory, the flaws — tracked as CVE-2025-41661, CVE-2025-41662, and CVE-2025-41663 — impact multiple versions of the Weidmueller IE-SR-2TX-WL and IE-SR-2TX-WL-4G devices, which are commonly deployed in industrial and OT network environments.

“Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities… that may lead to execution of arbitrary commands on affected devices with root privileges,” the advisory states.

• CVE-2025-41661 (CVSS 8.8): This flaw arises from a lack of Cross-Site Request Forgery (CSRF) protection in the event_mail_test endpoint of the device’s main web interface. An unauthenticated remote attacker could exploit this to execute root-level commands.
• CVE-2025-41662 (CVSS 8.8): Similarly, a CSRF vulnerability exists in the tls_iotgen_setting endpoint, allowing remote attackers to achieve command execution with elevated privileges.
• CVE-2025-41663 (CVSS 8.1): A man-in-the-middle attacker can inject arbitrary commands by tampering with responses from the WWH servers, resulting in unauthorized command execution with elevated rights.

Weidmueller has released patched firmware versions for the affected devices. Users are strongly advised to update as follows:

Firmware updates can be accessed through the official Weidmueller support portal.

Related Posts:

• Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise
• Let’s Encrypt Root gains the trust of all major root programs
• US/UK warn Russia to hack into global routers
• Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked
• NETGEAR Patches Critical Security Vulnerabilities in WiFi Routers (CVE-2025-25246) and Access Points

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Do Son

Do Son (aka Ddos) is a seasoned news reporter, bringing over a decade of expertise to the forefront of cyber security and technology reporting. My work provides timely and insightful analysis of emerging trends and critical developments in these rapidly evolving sectors.