CVE-2025-2595

Published Apr 23, 2025

Last updated 2 months ago

CVSS medium 5.3

Overview

Description
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Source
info@cert.vde.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

info@cert.vde.com
CWE-425

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2025-2595 | CODESYS Visualization up to 4.7.x Template direct request (VDE-2025-027)) has been published on https://t.co/icBslCOaII

    @WolfgangSesin

    23 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.