cbcvebase.
CVE-2025-41728
published 2026-01-27

CVE-2025-41728: A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to…

PriorityP431medium5.3CVSS 3.1
AVNACHPRLUINSUCHINAN
EPSS
0.31%
22.6th percentile
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.

Affected

3 ranges
VendorProductVersion rangeFixed in
beckhoff_automationbeckhoff.device.manager.xar>= 0.0.0 < 2.5.32.5.3
beckhoff_automationmdp_for_beckhoff_rt_linux>= 0.0.0 < 0.0.50.0.5
beckhoff_automationmdp_software_package_for_twincat_bsd>= 0.0.0 < 1.7.0.01.7.0.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.