Sauter AG Flaw Lets Hackers Upload Files Without Login
Swiss building automation firm Sauter AG has identified six security vulnerabilities in the firmware of its modulo 6 devices, including a critical flaw rated 9.8 on the CVSS scale. The most severe vulnerability, tracked as CVE-2025-41723, allows unauthenticated attackers to upload files remotely via the system’s SOAP interface. The flaw lets threat actors bypass authentication and potentially execute arbitrary code, putting building control systems at risk.
The company has warned that remote exploitation of these issues could compromise operational integrity in affected environments. All six vulnerabilities originate from weaknesses in the embedded firmware, which handles automation functions in Sauter’s building systems. The Sauter AG flaw lets cybercriminals exploit network-facing interfaces without needing valid credentials, heightening the urgency for mitigation.
Security researchers and administrators are advised to assess exposure and apply recommended patches as soon as they become available. For more information, read the full advisory at the following link:
