PatchSiren cyber security CVE debrief

CVE-2025-41450 Danfoss CVE debrief

CVE-2025-41450 is a high-severity access-control issue in Danfoss AK-SM 8xxA Series versions prior to R4.2. CISA’s advisory says a datetime-based password generation weakness could allow unauthorized access and potentially an authentication bypass. Danfoss addressed the issue in R4.2.

Vendor: Danfoss
Product: AK-SM 8xxA Series
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-20
Original CVE updated: 2025-08-26
Advisory published: 2025-05-20
Advisory updated: 2025-08-26

Who should care

OT/ICS operators, building automation teams, asset owners, and defenders responsible for Danfoss AK-SM 8xxA Series installations, especially any deployment still running versions earlier than R4.2.

Technical summary

The CISA CSAF advisory for ICSA-25-140-03 identifies Danfoss AK-SM 8xxA Series < R4.2 as affected. The issue is described as unauthorized access caused by datetime-based password generation, potentially resulting in authentication bypass. The advisory assigns CVSS v3.1 8.2 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H): a network-reachable, higher-complexity attack path that needs no privileges but does require user interaction, with a changed scope and high confidentiality and availability impact. Danfoss states that release R4.2 addresses CVE-2025-41450.

Defensive priority

High. Prioritize remediation for any affected AK-SM 8xxA Series device running before R4.2, particularly where remote access paths or shared operational access exist.

Recommended defensive actions

  • Inventory all Danfoss AK-SM 8xxA Series devices and verify installed versions.
  • Upgrade affected systems to Danfoss R4.2 using the vendor’s AK-SM 800A Software Upgrade Process.
  • Restrict and segment access to the device management interface until upgrades are complete.
  • Review authentication and access logs for unexpected access attempts or anomalies.
  • Follow CISA industrial control system recommended practices for hardening and defense in depth.

Evidence notes

Source basis is the CISA CSAF advisory ICSA-25-140-03 for CVE-2025-41450, first published 2025-05-20 and modified 2025-08-26. The advisory’s affected-product entry lists Danfoss AK-SM 8xxA Series < R4.2, and its remediation entry says R4.2 addresses CVE-2025-41450. The 2025-08-26 update A added CVE-2025-41451 and CVE-2025-41452 but did not change the original publication date for this CVE.

Official resources

Publicly disclosed by CISA in CSAF advisory ICSA-25-140-03 on 2025-05-20; updated 2025-08-26 with additional CVEs in the same product advisory. No CISA KEV entry is listed in the supplied data.