CVE-2025-41728
published 2026-01-27CVE-2025-41728: A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to…
PriorityP431medium5.3CVSS 3.1
AVNACHPRLUINSUCHINAN
EPSS
0.31%
22.6th percentile
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beckhoff_automation | beckhoff.device.manager.xar | >= 0.0.0 < 2.5.3 | 2.5.3 |
| beckhoff_automation | mdp_for_beckhoff_rt_linux | >= 0.0.0 < 0.0.5 | 0.0.5 |
| beckhoff_automation | mdp_software_package_for_twincat_bsd | >= 0.0.0 < 1.7.0.0 | 1.7.0.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-01-27
Published