CVE-2025-1235: WAGO: Switches affected by year 2k38 problem

4.3 CVSS

Description

A low-privileged attacker can set the date of the devices to the 19th of January 2038 and thereby exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

Classification

CVE ID: CVE-2025-1235

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-190 Integer Overflow or Wraparound

Affected Products

Vendor: WAGO

Product: Fully Managed Switches 0852-0303, Fully Managed Switches 0852-1305, Fully Managed Switches 0852-1305/0000-0001, Fully Managed Switches 0852-1505, Fully Managed Switches 0852-1505/0000-0001, Lean Managed Switches 0852-1812, Lean Managed Switches 0852-1812/0010-0000, Lean Managed Switches 0852-1813, Lean Managed Switches 0852-1813/0000-0001, Lean Managed Switches 0852-1813/0010-0000, Lean Managed Switches 0852-1813/0010-0001, Lean Managed Switches 0852-1816, Lean Managed Switches 0852-1816/0010-0000

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.55% (proportion of vulnerabilities scored at or below this one)

EPSS Date: 2025-06-08 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1235
https://cert.vde.com/en/advisories/VDE-2025-020

Timeline