Why is it important to report vulnerabilities?

At STIHL, we take the security of our systems and data seriously. We recognise the importance of collaboration with customers, security researchers and members of the broader community to identify and address potential vulnerabilities.

This policy applies to all systems, software, products, and infrastructure owned or operated by Andreas Stihl Limited.  

How to make a report

1. Gather relevant information

When reporting a vulnerability, please include the following information:

  • Item number of the affected product
  • Type of vulnerability
  • Vulnerable component and version
  • CVE-ID or CWE-ID, if available

Please do not send us sensitive information that could be used to exploit the vulnerability. After the initial contact we will provide you with a secure communication channel to upload and share further information.

2. Submit your report

To report a vulnerability, please send an email to

Please use a descriptive subject line, such as "Security Vulnerability Report," and provide the information mentioned above in your email.

3. Response and collaboration

Our security team will review your report and share a secure communication channel with you.  We will work on your report to verify and address the vulnerability. We may reach out to you for further information or clarification during this process.

Once the vulnerability has been resolved, we will notify you.

Contact us

For general inquiries or assistance, please contact us at