All news with #viessmann tag

Viessmann Vitogate 300: OS Command Injection Risks

🚨 CISA published an advisory on September 23, 2025, describing high‑severity vulnerabilities in Viessmann's Vitogate 300 gateway. The advisory identifies an OS command injection (CWE‑78, CVE‑2025‑9494) and a client‑side enforcement bypass (CWE‑602, CVE‑2025‑9495) that can enable command modification or unexpected client–server interactions. A CVSS v4 base score of 8.7 is reported overall, and affected devices running versions prior to 3.1.0.1 should be upgraded. CISA notes these issues are not remotely exploitable and recommends updating to 3.1.0.1 and implementing network hardening controls.