AI description
CVE-2025-41660 is a vulnerability affecting the CODESYS Control runtime system. It is described as a resource transfer flaw that enables a low-privileged remote attacker to replace the boot application of the system. This unauthorized replacement can lead to the execution of arbitrary code on the affected system. Exploitation of this vulnerability typically involves an attacker first obtaining service-level credentials. These credentials might be acquired through methods such as exploiting weak default passwords, compromising an engineer's workstation, or leveraging other vulnerabilities to steal local password hashes. Once authenticated, the attacker can then abuse the standard project backup workflow to upload and restore tampered project files.
- Description: A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
- Source: info@cert.vde.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- info@cert.vde.com
- CWE-669
- Hype score: Not currently trending
Backdooring CODESYS Applications via Vulnerability Chaining #PLC CVE-2025-41658 + CVE-2025-41659 + CVE-2025-41660 https://t.co/Dlm1VsW1gP https://t.co/4OJyigA3VG
@blackorbird
26 Apr 2026
3539 Impressions
10 Retweets
31 Likes
13 Bookmarks
1 Reply
1 Quote
CVE Alert: CVE-2025-41660 - CODESYS - CODESYS Control RTE (SL) - https://t.co/ryzoD4lLvC #OSINT #ThreatIntel #CyberSecurity #cve-2025-41660 #codesys #codesys-control-rte-sl
@RedPacketSec
24 Mar 2026
180 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41660 CODESYS Control Runtime System Remote Code Execution via Boot Application Replacement https://t.co/uXgsUHbCI3
@VulmonFeeds
24 Mar 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41660 A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution. https://t.co/aXhLKHVKM3
@CVEnew
24 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-41660: HIGH] A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution. #cve,CVE-2025-41660,#cybersecurity https://t.co/6FvLtbDlOw
@CveFindCom
24 Mar 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes