DSA-2025-03-01

Improper Authentication vulnerability in Danfoss AK-SM8xxA Series, resulting in an authentication bypass

Advisory Information

Advisory ID: DSA-2025-03-01

• CVE numbers and CVSS scores
  • CVE-2025-41450
    Base Score: 8.2 (HIGH)

Summary

Improper Authentication vulnerability in Danfoss AK-SM8xxA Series, resulting in an authentication bypass. Install the latest patch with number 4.2 to remediate this vulnerability.

Affected products and services

• Danfoss AK-SM 8xxA Series prior to version 4.2

Vulnerability description

CVE-2025-41450 - Improper Authentication vulnerability in Danfoss AK-SM8xxA Series.
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
Problem Type: CWE-305: Authentication Bypass by Primary Weakness

Remediations

• Install the latest software version through AK-SM 800A Series | Danfoss.

Mitigations

• N/A

Credits (if opted in)

1. Tomer Goldschmidt (Claroty Team82)

Other reference

• https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview

Update log

• 1 September, 2025: Updated the classification of Problem Type for improved accuracy and tracking
• 24 March, 2025: Publication