PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-46418 Westermo Network Technologies CVE debrief

CVE-2025-46418 is a Westermo WeOS 5 vulnerability that could allow OS command injection through unsafe handling of media definitions. CISA published the advisory on 2025-09-18 and assigned a CVSS 3.1 score of 7.6 (HIGH). The supplied advisory data indicates mitigations are available without a software update.

Vendor: Westermo Network Technologies
Product: WeOS 5
CVSS: HIGH 7.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-09-18
Original CVE updated: 2025-09-18
Advisory published: 2025-09-18
Advisory updated: 2025-09-18

Who should care

Industrial and OT organizations using Westermo WeOS 5, especially teams that administer device configuration, media definitions, and privileged administrative access.

Technical summary

The supplied CSAF advisory describes unsafe handling of media definitions that could be abused to inject OS commands. The CVSS 3.1 vector is AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H: the attack vector is network-reachable, but attack complexity is high, high privileges are required, and user interaction is required, so the preconditions are substantial; the scope is changed and confidentiality, integrity, and availability impact are all rated high, so a successful exploit would be severe.

Defensive priority

High priority for OT environments because the issue can affect core device administration and may enable command execution on an industrial network device.

Recommended defensive actions

  • Apply Westermo’s documented mitigations; the advisory states they do not require a software update.
  • Limit administration account access to trusted parties only.
  • Use strong password practices for administration accounts.
  • Review and follow Westermo security advisory Westermo-25-07 for the vendor’s full mitigation guidance.
  • Verify whether any Westermo WeOS 5 devices in your environment expose administrative functions to broader-than-necessary users or networks.
  • Track CISA and vendor advisories for any follow-up guidance or version-specific updates.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory for ICSA-25-261-01 / CVE-2025-46418 and the associated official references. The source description states that Westermo identified a vulnerability in WeOS 5 that could potentially be used to inject OS commands due to unsafe handling of media definitions. The supplied remediation text says mitigations do not require a software update and specifically calls out restricting administration account access and using strong password practices. No KEV entry or ransomware linkage is present in the supplied enrichment.

Official resources

CISA CSAF advisory ICSA-25-261-01 was initially published on 2025-09-18. The supplied enrichment does not list the vulnerability in CISA KEV.