Vulnerability Details CVE-2025-40948
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface.
This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 20.4%
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2025-40948
-
cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-
-
cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-
-
cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-
-
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:2.16.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:2.14.0
-
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:2.14.1
-
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:2.16.0