CVE-2025-41658

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 95.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone SL Codesys Control FOR Empc-a/imx6 SL Codesys Control FOR Iot2000 SL +9 more

Timeline

PublishedAug 4

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5codesys/runtime_toolkit0.0.0.0 — 3.5.21.20

▶CVEListV5codesys/virtual_control_sl0.0.0.0 — 4.16.0.0

▶CVEListV5codesys/control_for_linux_sl0.0.0.0 — 4.16.0.0

▶CVEListV5codesys/control_for_pfc100_sl0.0.0.0 — 4.16.0.0

▶CVEListV5codesys/control_for_pfc200_sl0.0.0.0 — 4.16.0.0

🔴Vulnerability Details

CVEList

CODESYS Toolkit Exposes Sensitive Files via Default Permissions↗2025-08-04

▶

GHSA

GHSA-ff63-c723-v97g: CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions↗2025-08-04

▶