CVE-2025-41659— CODESYS Control PKI Exposure Enables Remote Certificate Access
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41659
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CODESYS Control PKI Exposure Enables Remote Certificate Access
Source: NVD (National Vulnerability Database)
Vulnerability Description
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
CODESYS Control 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CODESYS Control是德国CODESYS公司的一套工业控制程序编程软件。 CODESYS Control存在安全漏洞,该漏洞源于远程访问PKI文件夹,可能导致提取敏感数据或接受受信任证书。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CODESYS | Control RTE (SL) | 0.0.0.0 ~ 3.5.21.20 | - | |
| CODESYS | Control RTE (for Beckhoff CX) SL | 0.0.0.0 ~ 3.5.21.20 | - | |
| CODESYS | Control Win (SL) | 0.0.0.0 ~ 3.5.21.20 | - | |
| CODESYS | HMI (SL) | 0.0.0.0 ~ 3.5.21.20 | - | |
| CODESYS | Runtime Toolkit | 0.0.0.0 ~ 3.5.21.20 | - | |
| CODESYS | Control for BeagleBone SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for emPC-A/iMX6 SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for IOT2000 SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for Linux ARM SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for Linux SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for PFC100 SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for PFC200 SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for PLCnext SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for Raspberry Pi SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Control for WAGO Touch Panels 600 SL | 0.0.0.0 ~ 4.17.0.0 | - | |
| CODESYS | Virtual Control SL | 0.0.0.0 ~ 4.17.0.0 | - |
II. Public POCs for CVE-2025-41659
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41659
请登录查看更多情报信息。
Same Patch Batch · CODESYS · 2025-08-04 · 3 CVEs total
| CVE-2025-41691 | 7.5 HIGH | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference |
| CVE-2025-41658 | 5.5 MEDIUM | CODESYS Toolkit Exposes Sensitive Files via Default Permissions |
IV. Related Vulnerabilities
Same vendor: CODESYS
- CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2026-2364
CODESYS Installer TOCTOU Privilege Escalation - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2025-41659
No comments yet