CVE-2025-41658

Medienbericht

EPSS 0.02%
Veröffentlicht 04.08.2025 08:15:47
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

CODESYS Toolkit Exposes Sensitive Files via Default Permissions

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 12 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCODESYS

≫

Produkt Runtime Toolkit

Default Statusunaffected

Version 0.0.0.0

Version < 3.5.21.20

Status affected

HerstellerCODESYS

≫

Produkt Control for BeagleBone SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for emPC-A/iMX6 SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for IOT2000 SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Linux ARM SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Linux SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PFC100 SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PFC200 SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PLCnext SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Raspberry Pi SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for WAGO Touch Panels 600 SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

HerstellerCODESYS

≫

Produkt Virtual Control SL

Default Statusunaffected

Version 0.0.0.0

Version < 4.16.0.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

Media Report

https://certvde.com/de/advisories/VDE-2025-049

https://nvd.nist.gov/vuln/detail/CVE-2025-41658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41658

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41658