What security vulnerabilities has Weidmueller reported in their IE-SR-2TX routers?

Weidmueller Interface GmbH & Co. KG has reported multiple critical security vulnerabilities affecting its IE-SR-2TX series of industrial security routers. These include five vulnerabilities with CVSS scores ranging from 8.8 to 9.8, comprising OS command injection flaws, a stack-based buffer overflow, and a cross-site request forgery vulnerability that could allow attackers to execute arbitrary commands with root privileges.

What are the most critical vulnerabilities with CVSS 9.8 scores?

The two most critical vulnerabilities are CVE-2025-41663 and CVE-2025-41687, both with CVSS scores of 9.8. CVE-2025-41663 is an OS Command Injection vulnerability in the u-link Management API that allows unauthenticated remote attackers in man-in-the-middle positions to inject arbitrary commands. CVE-2025-41687 is a Stack-based Buffer Overflow in the u-link Management API that enables unauthenticated remote attackers to gain full access to affected devices.

Which Weidmueller router models are affected by these vulnerabilities?

The vulnerabilities affect multiple models of Weidmueller's IE-SR-2TX wireless security routers, including IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU, and IE-SR-2TX-WL-4G-US-V models.

What are the vulnerable and fixed firmware versions for each model?

For IE-SR-2TX-WL: vulnerable versions are below V1.49, fixed in V1.49. For IE-SR-2TX-WL-4G-EU: vulnerable versions are below V1.62, fixed in V1.62. For IE-SR-2TX-WL-4G-US-V: vulnerable versions are below V1.62, fixed in V1.62.

What other vulnerabilities with CVSS 8.8 scores were discovered?

Three additional vulnerabilities with CVSS scores of 8.8 were discovered: CVE-2025-41661, a Cross-Site Request Forgery vulnerability allowing unauthenticated remote attackers to execute arbitrary commands with root privileges; CVE-2025-41683, an OS Command Injection in the Main Web Interface event_mail_test endpoint; and CVE-2025-41684, an OS Command Injection in the Main Web Interface tls_iotgen_setting endpoint. The latter two enable authenticated attackers to execute arbitrary commands with root privileges.

What immediate actions should organizations take to secure their devices?

Organizations should immediately apply the firmware updates to the fixed versions: V1.49 for IE-SR-2TX-WL and V1.62 for IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V models. Additionally, Weidmueller recommends changing all default passwords on affected devices, isolating the routers within protected network segments, and restricting access to trusted networks only.

Can these vulnerabilities be exploited without authentication?

Yes, several of these vulnerabilities can be exploited without authentication. CVE-2025-41663 and CVE-2025-41687 both allow unauthenticated remote attackers to compromise devices, with CVE-2025-41661 also enabling unauthenticated attacks through cross-site request forgery. This makes these vulnerabilities particularly dangerous as they don't require valid credentials to exploit.

What type of access can attackers gain through these vulnerabilities?

Attackers can execute arbitrary commands with root privileges on compromised devices, which represents the highest level of system access possible. This means attackers could potentially take complete control of affected industrial security routers, compromising network security and potentially accessing connected industrial systems.

Are these vulnerabilities being actively exploited?

The advisory does not specify whether these vulnerabilities are being actively exploited in the wild. However, given the critical nature of these flaws (CVSS scores of 8.8-9.8) and their impact on industrial security routers, organizations should treat them as high-priority security risks requiring immediate patching.

What additional network security measures should be implemented?

Beyond applying firmware updates and changing default passwords, Weidmueller recommends isolating the routers within protected network segments and restricting access to trusted networks only. Organizations should also consider implementing network monitoring to detect any suspicious activity and ensure these industrial security devices are not directly accessible from the internet.

Advisory

Multiple vulnerabilities reported in Weidmueller Industrial Routers

published: July 24, 2025

Take action: If you have Weidmueller IE-SR-2TX industrial routers, make sure they are isolated from the internet and accesible from trusted networks only. Then plan an update to the latest firmware versions (V1.49 or V1.62 depending on your model).

Learn More

Weidmueller Interface GmbH & Co. KG is reporting multiple critical security vulnerabilities affecting its IE-SR-2TX series of industrial security routers that could allow attackers to execute arbitrary commands with root privileges on compromised devices.

Vulnerabilities summary:

CVE-2025-41663 (CVSS score 9.8) - OS Command Injection vulnerability affecting the u-link Management API, allowing unauthenticated remote attackers in man-in-the-middle positions to inject arbitrary commands in responses from WWH servers
CVE-2025-41687 (CVSS score 9.8) - Stack-based Buffer Overflow in the u-link Management API that enables unauthenticated remote attackers to gain full access to affected devices
CVE-2025-41661 (CVSS score 8.8) - Cross-Site Request Forgery vulnerability allowing unauthenticated remote attackers to execute arbitrary commands with root privileges due to lack of CSRF protection
CVE-2025-41683 (CVSS score 8.8) - OS Command Injection in the Main Web Interface event_mail_test endpoint enabling authenticated attackers to execute arbitrary commands with root privileges
CVE-2025-41684 (CVSS score 8.8) - OS Command Injection in the Main Web Interface tls_iotgen_setting endpoint allowing authenticated attackers to execute arbitrary commands with root privileges

The security flaws impact multiple models of Weidmueller's IE-SR-2TX wireless security routers.

Product	Affected Version	Fixed Version
IE-SR-2TX-WL	<V1.49	V1.49
IE-SR-2TX-WL-4G-EU	<V1.62	V1.62
IE-SR-2TX-WL-4G-US-V	<V1.62	V1.62

Apart from applying the firmware updates, Weidmueller recommends that organizations change all default passwords on affected devices, isolate the routers within protected network segments, and restrict access to trusted networks.

Multiple vulnerabilities reported in Weidmueller Industrial Routers

Read More
Siemens reports critical flaw in User Management Component …
Security Flaws in Pix-Link LV-WR21Q Routers Expose Wi-Fi …
Siemens released patches for over 270 vulnerabilities
Planet Technology reports security flaws in their network …
CISA reports critical security vulnerabilities in Viessmann Vitogate …