CVE-2025-41659

Published Aug 4, 2025

Last updated 16 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-41659 describes a vulnerability within the CODESYS Control runtime system. This flaw permits a low-privileged attacker to remotely access the Public Key Infrastructure (PKI) folder. Once access is gained, the attacker can read and write certificates and their associated keys. This manipulation could lead to the extraction of sensitive data or the acceptance of certificates as trusted. Should certificates be deleted, the system would then default to unencrypted communication.

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Source: info@cert.vde.com
NVD status: Deferred

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.3
Impact score: 5.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Severity: HIGH

Weaknesses

info@cert.vde.com: CWE-732
