{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T04:15:05.416","vulnerabilities":[{"cve":{"id":"CVE-2025-41728","sourceIdentifier":"info@cert.vde.com","published":"2026-01-27T12:15:57.717","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response."},{"lang":"es","value":"Un atacante remoto con privilegios bajos podría divulgar información confidencial de la memoria de un proceso privilegiado enviando llamadas especialmente diseñadas al servicio web del Administrador de dispositivos que causan una operación de lectura fuera de límites bajo ciertas circunstancias debido a ASLR y, por lo tanto, copiar potencialmente información confidencial en una respuesta."}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://certvde.com/de/advisories/VDE-2025-092","source":"info@cert.vde.com"}]}}]}