DSA-2025-12-01

Danfoss MCT10 Installer Bundles Unused MSXML 3.0 with Known Security Issues

Advisory Information

Advisory ID: DSA-2025-12-01

• CVE numbers and CVSS scores
  • CVE number: N/A
  • CVSS:10

Summary

Danfoss MCT10 Installer Bundles Unused MSXML 3.0 with Known Security Issues prior to version 6.20_build_7483_RC_signed, which could increase the system’s attack surface.

Affected products and services

• Danfoss MCT10 Installer prior to version 6.20_build_7483_RC_signed

Vulnerability description

In MCT10 versions prior to 6.20_build_7483_RC_signed, the installer packages an unused MSXML 3.0 component with known security vulnerabilities. Although MCT10 does not actively use this component, its presence on the system may still increase the attack surface and expose it to potential exploitation.

Remediations

• Uninstall affected version of MCT10
• Verify MSXML 3.0 is uninstalled
• Install newest version of MCT10 through Tools - MyDrive® Suite

Mitigations

• N/A

Credits (if opted in)

• N/A

Other reference

• https://www.tenable.com/plugins/nessus/62758

 

Update log

• 10 December, 2025: Publication