CVE-2025-41727

Summary

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

Affected Software

VendorProductVersion RangeStatus
Beckhoff AutomationBeckhoff.Device.Manager.XAR0.0.0 < 2.5.3affected
Beckhoff AutomationMDP software package for TwinCAT/BSD0.0.0 < 1.7.0.0affected
Beckhoff AutomationMDP for Beckhoff RT Linux(R)0.0.0 < 0.0.5affected

Weaknesses

  • CWE-420: CWE-420 Unprotected Alternate Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References