CVE-2025-41659

EUVD-2025-23491
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CERTVDECNA
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
codesyscontrol_rte_sl
0.0.0.0 ≤
𝑥
< 3.5.21.20
CNA
codesyscontrol_rte_sl
0.0.0.0 ≤
𝑥
< 4.17.0.0
CNA
Common Weakness Enumeration
References
https://certvde.com/de/advisories/VDE-2025-051