PatchSiren cyber security CVE debrief
CVE-2025-14750 Weintek CVE debrief
CVE-2025-14750 is a HIGH-severity issue in Weintek’s cMT X Series HMI EasyWeb Service. According to CISA’s advisory published on 2026-01-22, the web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user may be able to modify parameters and potentially manipulate account-level privileges. Weintek lists fixed versions for affected products and provides a planned notice with additional mitigation guidance.
- Vendor: Weintek
- Product: cMT3072XH
- CVSS: HIGH 8.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-22
- Original CVE updated: 2026-01-22
- Advisory published: 2026-01-22
- Advisory updated: 2026-01-22
Who should care
Organizations operating Weintek cMT X Series HMI devices, especially cMT3072XH, cMT3072XH(T), cMT-SVRX-820, and cMT-CTRL01. Security, OT/ICS, and IAM administrators should care most because the issue involves account-level privilege manipulation in a web application exposed on industrial HMI equipment.
Technical summary
The advisory describes an authorization/parameter-integrity weakness in EasyWeb Service: values the application treats as immutable can in fact be controlled externally by a low-privileged user. The result is potential manipulation of account-level privileges. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, indicating network exposure, low attack complexity, low privileges required, no user interaction, and high confidentiality and integrity impact with low availability impact.
Defensive priority
High. The CVSS vector scores the issue as network-reachable (AV:N) and requiring only low privileges (PR:L), and it may affect privilege boundaries in an industrial web management interface. Prioritize patching affected assets and validating that only trusted users can reach the EasyWeb service.
Recommended defensive actions
- Upgrade affected products to vendor-fixed versions: cMT3072XH 20241112, cMT3072XH(T) 20241112, cMT-SVRX-820 20240919, or cMT-CTRL01 20250827, as applicable.
- Review and restrict access to the EasyWeb service to trusted management networks only.
- Audit account and privilege assignments on affected devices for unexpected changes.
- Monitor for unauthorized parameter changes or abnormal administrative actions.
- Consult Weintek’s planned notice for additional mitigation guidance and deployment considerations.
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory metadata and remediation fields. The advisory states the input-verification weakness, the low-privileged-user impact, the affected product list, and the vendor-fixed versions. No exploitation campaign, KEV entry, or ransomware association is provided in the supplied corpus, so none is asserted here.
Official resources
- CVE-2025-14750 CVE record (CVE.org)
- CVE-2025-14750 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA’s CSAF advisory ICSA-26-022-05 was published on 2026-01-22 and is the source of record used here. The source corpus does not indicate KEV listing or known ransomware use.