VDE-2025-069 | CERT@VDE

2025-07-31 12:00 (CEST) VDE-2025-069

Helmholz: Sandbox escape in REX200/250 LUA interpreter

Share: Email | Twitter

ID

VDE-2025-069

Published

2025-07-31 12:00 (CEST)

Last update

2025-07-28 09:18 (CEST)

Vendor(s)

Helmholz GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	REX 200/250	< 7.3.0
	REX 300	<= 5.1.11

Summary

An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.

CVE ID

CVE-2025-41688

Last Update:

1. August 2025 11:48

Severity

7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Isolation or Compartmentalization (CWE-653)

Summary

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.

Details

cert.vde.com

Impact

This vulnerability allows an authenticated remote attacker to fully compromise the system by executing arbitrary OS commands.

Solution

Remediation

Update REX 200/250 to at least version 7.3.0
Note: REX 300 is EOL and will not receive any further updates.

Reported by

CERT@VDE coordinated with Helmholz GmbH & Co. KG

Marcel Rick-Cen for reporting