CVE-2025-2595

Summary

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Visualization0.0.0.0 < 4.8.0.0affected

Weaknesses

  • CWE-425: CWE-425: Direct Request ('Forced Browsing')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References