Security Advisory

CVE-2025-41663

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-11 08:15:55

Last updated 2025-07-24 14:32:41

Assigner CERTVDE

State PUBLISHED

Description

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

← Browse all CVEs View on cve.org ↗