CVE-2025-41701

Summary

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context.

Affected Software

VendorProductVersion RangeStatus
BeckhoffTE1000TwinCAT 3 Enineering0 < 3.1.4024.67

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References