CVE-2025-41700

Severity
7.8 HIGH
EPSS
0.1%
top 83.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 1

Description

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | codesys/codesys_development_system | 0.0.0 | 3.5.21.40
NVD | codesys/codesys | < 3.5.21.40

Vulnerability Details (2)
CVEList
CODESYS Development System - Deserialization of Untrusted Data | 2025-12-01
GHSA
GHSA-cx2q-9f4q-7mgw: An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a COD | 2025-12-01