~/cve/CVE-2025-41660

pipeline liveDigest Docs

CVE-2025-41660

published 2026-03-24

CVE-2025-41660: A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
codesys	codesys_control_for_beaglebone_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_empc-a_imx6_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_iot2000_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_linux_arm_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_linux_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_pfc100_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_pfc200_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_plcnext_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_raspberry_pi_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_for_wago_touch_panels_600_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0
codesys	codesys_control_rte	>= 0.0.0 < 3.5.22.0	3.5.22.0
codesys	codesys_control_rte_sl	>= 0.0.0 < 3.5.22.0	3.5.22.0
codesys	codesys_control_win	>= 0.0.0 < 3.5.22.0	3.5.22.0
codesys	codesys_hmi	>= 0.0.0 < 3.5.22.0	3.5.22.0
codesys	codesys_runtime_toolkit	>= 0.0.0 < 3.5.22.0	3.5.22.0
codesys	codesys_virtual_control_sl	>= 0.0.0 < 4.21.0.0	4.21.0.0