CVE-2025-41733

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.

More information : https://certvde.com/de/advisories/VDE-2025-097