VDE-2025-069
Last update
31.07.2025 12:00
Published at
31.07.2025 12:00
Vendor(s)
Helmholz GmbH & Co. KG
External ID
VDE-2025-069
CSAF Document
Summary
An authenticated remote attacker can exploit an undocumented method to escape the Lua sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.
Impact
This vulnerability allows an authenticated remote attacker to fully compromise the system by executing arbitrary OS commands.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
| Helmholz REX 200/250 | Firmware <7.3.0 |
| Helmholz REX 300 | Firmware <=5.1.11 |
Vulnerabilities
Published
22.09.2025 14:58
Severity
Weakness
Improper Isolation or Compartmentalization (CWE-653)
Summary
A high-privileged remote attacker can execute arbitrary OS commands by using an undocumented method that allows escaping the implemented Lua sandbox.
References
Remediation
Update REX 200/250 to at least version 7.3.0.
Note: REX 300 is EOL and will not receive any further updates.
Revision History
Version | Date | Summary |
---|---|---|
1 | 31.07.2025 12:00 | Initial revision. |