CVE-2025-41660 - Vulnerability Details - OpenCVE

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2026-011

History

Tue, 24 Mar 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Title		CODESYS Control Boot Application Replacement Enables Code Execution
Weaknesses		CWE-669
References		https://certvde.com/de/advisories/VDE-2026-011
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-03-24T07:41:43.004Z

Updated: 2026-03-24T07:41:43.004Z

Reserved: 2025-04-16T11:17:48.307Z

Link: CVE-2025-41660

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-24T08:16:00.230

Modified: 2026-03-24T08:16:00.230

Link: CVE-2025-41660

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41660", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.307Z", "datePublished": "2026-03-24T07:41:43.004Z", "dateUpdated": "2026-03-24T07:41:43.004Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.22.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.22.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.22.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.22.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Runtime Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.22.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for Linux ARM SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Virtual Control SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.21.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Luca Borzacchiello from Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.<br>"}], "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-24T07:41:43.004Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-011"}], "source": {"advisory": "VDE-2026-011", "defect": ["CERT@VDE#641802"], "discovery": "UNKNOWN"}, "title": "CODESYS Control Boot Application Replacement Enables Code Execution", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}