Vulnerability-Lookup

BDU:2026-00083

Vulnerability from fstec - Published: 04.08.2025

Title

Уязвимость программных продуктов CODESYS, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю получить доступ к конфиденциальной информации

Description

Уязвимость программных продуктов CODESYS связана с некорректно используемыми стандартными разрешениями. Эксплуатация уязвимости может позволить нарушителю получить доступ к конфиденциальной информации

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vendor

CODESYS GmbH

Software Name

CODESYS Control for BeagleBone SL, CODESYS Control for emPC-A/iMX6 SL, CODESYS Control for IOT2000 SL, CODESYS Control for Linux ARM SL, CODESYS Control for Linux SL, CODESYS Control for PFC100 SL, CODESYS Control for PFC200 SL, CODESYS Control for PLCnext SL, CODESYS Control for Raspberry Pi SL, CODESYS Control for WAGO Touch Panels 600 SL, CODESYS Virtual Control SL, CODESYS Runtime Toolkit

Software Version

до 4.16.0.0 (CODESYS Control for BeagleBone SL), до 4.16.0.0 (CODESYS Control for emPC-A/iMX6 SL), до 4.16.0.0 (CODESYS Control for IOT2000 SL), до 4.16.0.0 (CODESYS Control for Linux ARM SL), до 4.16.0.0 (CODESYS Control for Linux SL), до 4.16.0.0 (CODESYS Control for PFC100 SL), до 4.16.0.0 (CODESYS Control for PFC200 SL), до 4.16.0.0 (CODESYS Control for PLCnext SL), до 4.16.0.0 (CODESYS Control for Raspberry Pi SL), до 4.16.0.0 (CODESYS Control for WAGO Touch Panels 600 SL), до 4.16.0.0 (CODESYS Virtual Control SL), до 3.5.21.20 (CODESYS Runtime Toolkit)

Possible Mitigations

Использование рекомендаций: https://certvde.com/de/advisories/VDE-2025-049/

Reference

https://certvde.com/de/advisories/VDE-2025-049/

CWE

CWE-276

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "CODESYS GmbH",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.16.0.0 (CODESYS Control for BeagleBone SL), \u0434\u043e 4.16.0.0 (CODESYS Control for emPC-A/iMX6 SL), \u0434\u043e 4.16.0.0 (CODESYS Control for IOT2000 SL), \u0434\u043e 4.16.0.0 (CODESYS Control for Linux ARM SL), \u0434\u043e 4.16.0.0 (CODESYS Control for Linux SL), \u0434\u043e 4.16.0.0 (CODESYS Control for PFC100 SL), \u0434\u043e 4.16.0.0 (CODESYS Control for PFC200 SL), \u0434\u043e 4.16.0.0 (CODESYS Control for PLCnext SL), \u0434\u043e 4.16.0.0 (CODESYS Control for Raspberry Pi SL), \u0434\u043e 4.16.0.0 (CODESYS Control for WAGO Touch Panels 600 SL), \u0434\u043e 4.16.0.0 (CODESYS Virtual Control SL), \u0434\u043e 3.5.21.20 (CODESYS Runtime Toolkit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://certvde.com/de/advisories/VDE-2025-049/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.01.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-00083",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-41658",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "CODESYS Control for BeagleBone SL, CODESYS Control for emPC-A/iMX6 SL, CODESYS Control for IOT2000 SL, CODESYS Control for Linux ARM SL, CODESYS Control for Linux SL, CODESYS Control for PFC100 SL, CODESYS Control for PFC200 SL, CODESYS Control for PLCnext SL, CODESYS Control for Raspberry Pi SL, CODESYS Control for WAGO Touch Panels 600 SL, CODESYS Virtual Control SL, CODESYS Runtime Toolkit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 CODESYS, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f (CWE-276)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 CODESYS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://certvde.com/de/advisories/VDE-2025-049/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-276",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2025-41658 (GCVE-0-2025-41658)

Vulnerability from cvelistv5 – Published: 2025-08-04 08:03 – Updated: 2025-08-04 11:52

Title

CODESYS Toolkit Exposes Sensitive Files via Default Permissions

Summary

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-276 - Incorrect Default Permissions

Assigner

CERTVDE

References

URL

Tags

https://certvde.com/de/advisories/VDE-2025-049

Impacted products

Vendor

Product

Version

CODESYS

Runtime Toolkit

Affected: 0.0.0.0 , < 3.5.21.20 (semver)

CODESYS	Control for BeagleBone SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for emPC-A/iMX6 SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for IOT2000 SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for Linux ARM SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for Linux SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for PFC100 SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for PFC200 SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for PLCnext SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for Raspberry Pi SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Control for WAGO Touch Panels 600 SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)
CODESYS	Virtual Control SL	Affected: 0.0.0.0 , < 4.16.0.0 (semver)

Credits

Luca Borzacchiello from Nozomi Networks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T11:52:31.347383Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T11:52:37.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for BeagleBone SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for emPC-A/iMX6 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for IOT2000 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Linux ARM SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Linux SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PFC100 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PFC200 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PLCnext SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Raspberry Pi SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for WAGO Touch Panels 600 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Virtual Control SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.16.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Luca Borzacchiello from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
            }
          ],
          "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T08:03:26.511Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-049"
        }
      ],
      "source": {
        "advisory": "VDE-2025-049",
        "defect": [
          "CERT@VDE#641799"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41658",
    "datePublished": "2025-08-04T08:03:26.511Z",
    "dateReserved": "2025-04-16T11:17:48.306Z",
    "dateUpdated": "2025-08-04T11:52:37.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2026-00083

CVE-2025-41658 (GCVE-0-2025-41658)

Tags

Sightings

Nomenclature