CVE-2025-41660

Medienbericht

EPSS 0.27%
Veröffentlicht 24.03.2026 07:41:43
Zuletzt bearbeitet 24.03.2026 15:53:48
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

CODESYS Control Boot Application Replacement Enables Code Execution

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 16 VulnDex Vulnerability Enrichment 16

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCODESYS

≫

Produkt CODESYS Control RTE (SL)

Default Statusunaffected

Version 0.0.0

Version < 3.5.22.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control RTE (for Beckhoff CX) SL

Default Statusunaffected

Version 0.0.0

Version < 3.5.22.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control Win (SL)

Default Statusunaffected

Version 0.0.0

Version < 3.5.22.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS HMI (SL)

Default Statusunaffected

Version 0.0.0

Version < 3.5.22.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Runtime Toolkit

Default Statusunaffected

Version 0.0.0

Version < 3.5.22.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for BeagleBone SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for emPC-A/iMX6 SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for IOT2000 SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for Linux ARM SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for Linux SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for PFC100 SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for PFC200 SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for PLCnext SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for Raspberry Pi SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Control for WAGO Touch Panels 600 SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

HerstellerCODESYS

≫

Produkt CODESYS Virtual Control SL

Default Statusunaffected

Version 0.0.0

Version < 4.21.0.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.502

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

Media Report

https://certvde.com/de/advisories/VDE-2026-011

https://nvd.nist.gov/vuln/detail/CVE-2025-41660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41660

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41660