AI description
CVE-2025-41658 is a vulnerability in CODESYS Runtime Toolkit-based products. It stems from incorrect default file permissions, which can allow local low-privileged operating system users to access sensitive files and extract password hashes.
- Description: CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
- Source: info@cert.vde.com
- NVD status: Deferred
CVSS 3.1
- Type: Secondary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- CWE-276 (source: info@cert.vde.com)
- Hype score: Not currently trending
Backdooring CODESYS Applications via Vulnerability Chaining #PLC CVE-2025-41658 + CVE-2025-41659 + CVE-2025-41660 https://t.co/Dlm1VsW1gP https://t.co/4OJyigA3VG
@blackorbird
26 Apr 2026
CVE-2025-41658 CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. https://t.co/bBcc86Vacn
@CVEnew
4 Aug 2025