216.73.217.50

CVE-2025-41659

· Published 04/08/2025 08:15 · Modified 04/08/2025 15:06

Labels: CVE-2025-41659 2025-08-04CVE-2025-41659CWE-732[email protected]

Essential information

Published
04/08/2025 08:15
Modified
04/08/2025 15:06
Author
Creator
CVSS
8.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CVSS metrics

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cODESYS / cODESYS control cpe:2.3:a:cODESYS:cODESYS_control:*:*:*:*:*:*:*:*

References