CVE-2025-41727
Published 2026-01-27
Priority P347 | high 7.8 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.16% (5.9th percentile)
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beckhoff_automation | beckhoff.device.manager.xar | >= 0.0.0 < 2.5.3 | 2.5.3 |
| beckhoff_automation | mdp_for_beckhoff_rt_linux | >= 0.0.0 < 0.0.5 | 0.0.5 |
| beckhoff_automation | mdp_software_package_for_twincat_bsd | >= 0.0.0 < 1.7.0.0 | 1.7.0.0 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.