CVE-2025-41700
Published 2025-12-01
High 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys | < 3.5.21.40 | 3.5.21.40 |
| codesys | codesys_development_system | >= 0.0.0 < 3.5.21.40 | 3.5.21.40 |