PatchSiren

Danfoss CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Danfoss CVE published 2025-05-20

CVE-2025-41452

CVE-2025-41452 is a medium-severity availability issue in Danfoss AK-SM 8xxA Series devices prior to version 4.3.1. According to the CISA CSAF advisory, post-authentication external control of a system web interface configuration setting can trigger a denial of service when exceptional conditions are handled improperly. Danfoss identifies version 4.3.1 as the fixed release.

HIGH Danfoss CVE published 2025-05-20

CVE-2025-41450

CVE-2025-41450 is a high-severity access-control issue in Danfoss AK-SM 8xxA Series versions prior to R4.2. CISA’s advisory says a datetime-based password generation weakness could allow unauthorized access and potentially an authentication bypass. Danfoss addressed the issue in R4.2.