CVE-2025-41658

Summary

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Affected Software

VendorProductVersion RangeStatus
CODESYSRuntime Toolkit0.0.0.0 < 3.5.21.20affected
CODESYSControl for BeagleBone SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for emPC-A/iMX6 SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for IOT2000 SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for Linux ARM SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for Linux SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for PFC100 SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for PFC200 SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for PLCnext SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for Raspberry Pi SL0.0.0.0 < 4.16.0.0affected
CODESYSControl for WAGO Touch Panels 600 SL0.0.0.0 < 4.16.0.0affected
CODESYSVirtual Control SL0.0.0.0 < 4.16.0.0affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References