CVE-2025-47809 (GCVE-0-2025-47809)
Vulnerability from cvelistv5 – Published: 2025-05-16 00:00 – Updated: 2025-05-16 13:36
- CWE-272 - Least Privilege Violation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:35:54.604112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:00.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"lessThan": "8.30a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T00:18:40.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47809",
"datePublished": "2025-05-16T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-05-16T13:36:00.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47809",
"date": "2026-06-07",
"epss": "0.00069",
"percentile": "0.21446"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47809\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-05-16T01:15:51.827\",\"lastModified\":\"2025-05-16T14:42:18.700\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.\"},{\"lang\":\"es\",\"value\":\"Las versiones anteriores a la versi\u00f3n 8.30a de Wibu CodeMeter a veces permiten la escalada de privilegios inmediatamente despu\u00e9s de la instalaci\u00f3n (antes de cerrar sesi\u00f3n o reiniciar). Para que esto ocurra, debe haber una instalaci\u00f3n sin privilegios con Control de cuentas de usuario (UAC), y el componente CodeMeter Control Center debe estar instalado y no debe haberse reiniciado. 
En este caso, el usuario local puede acceder desde Importar licencia a una instancia privilegiada del Explorador de Windows.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-272\"}]}],\"references\":[{\"url\":\"https://www.wibu.com/support/security-advisories/wibu-100120.html\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47809\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T13:35:54.604112Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T13:35:57.872Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Wibu\", \"product\": \"CodeMeter\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.30a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.wibu.com/support/security-advisories/wibu-100120.html\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. 
In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-272\", \"description\": \"CWE-272 Least Privilege Violation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.30a\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-05-16T00:18:40.444Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47809\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T13:36:00.498Z\", \"dateReserved\": \"2025-05-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-05-16T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
VDE-2025-064
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-09-09 07:00 - Updated: 2025-09-09 07:00
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PLCnext Engineer 2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1046008
|
PLCnext Engineer 2025.0.3 | |
|
PLCnext Engineer EDU LIC 2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1165889
|
PLCnext Engineer EDU LIC 2025.0.3 | |
|
Activation Wizard 1.8
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
Activation Wizard 1.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Activation Wizard <1.8
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
Activation Wizard<1.8 | ||
|
PLCnext Engineer <2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1046008
|
PLCnext Engineer<2025.0.3 | |
|
PLCnext Engineer EDU LIC <2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1165889
|
PLCnext Engineer EDU LIC<2025.0.3 | |
|
FL Network Manager <=8.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
2702889
|
FL Network Manager<=8.0 | |
|
EV Charging Suite (all versions) <=1.7.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1153509, 1153508, 1128335, 1086929, 1086921, 1086920
|
EV Charging Suite (all versions)<=1.7.0 | |
|
EV Charging Suite (all upgrades) <=1.7.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1153520, 1153516, 1153513, 1086891, 1086889
|
EV Charging Suite (all upgrades)<=1.7.0 | |
|
CLIPX ENGINEER ASSEMBLE <=1.0.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1662166
|
CLIPX ENGINEER ASSEMBLE<=1.0.0 | |
|
MLnext Execution <=1.1.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1391115
|
MLnext Execution<=1.1.3 | |
| Unresolved product id: CSAFPID-31001 | — | ||
|
MLnext Creation <=24.10.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1697763
|
MLnext Creation<=24.10.0 |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination.",
"urls": [
"https://certvde.com"
]
},
{
"organization": "WIBU-SYSTEMS",
"summary": "reporting."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A local privilege escalation vulnerability in Phoenix Contact products utilizing WIBU-SYSTEMS CodeMeter Runtime allows users to gain admin rights on freshly installed systems. The CodeMeter Control Center starts with elevated privileges and retains them until restarted, enabling unauthorized access to admin tools like cmd.exe.",
"title": "Summary"
},
{
"category": "description",
"text": "The effect is that CodeMeter Control Center can be launched once as administrator and will remain with these privileges until it is either manually closed or the user is logged out. In this case a malicious user can navigate, for example, to C:\\Windows\\System32\\ and right-click on cmd.exe and select \"open\", thus getting an administrator console. This vulnerability only affects freshly installed systems until CodeMeter Control Center is restarted.",
"title": "Impact"
},
{
"category": "description",
"text": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V8.30a, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V8.30a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nAdditional Recommendations:\nRegularly check the product\u0027s official webpage for updated release versions that support CodeMeter V8.30a.\nUpdate the Activation Wizard to version 1.8 as soon as it becomes available on the product\u0027s download page.",
"title": "Remediation"
},
{
"category": "general",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
},
{
"category": "description",
"text": "After installing the CodeMeter Control Center (at least once), please perform one of the following actions:\n- Restart your system\n- Log out and log in again\n- Manually close or restart the CodeMeter Control Center via the system tray icon\n\n These steps must be followed immediately after installing the CodeMeter Runtime or any product that includes the CodeMeter Runtime.\n\n\n\n",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2025-00011",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
},
{
"category": "self",
"summary": "VDE-2025-064: Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-064"
},
{
"category": "self",
"summary": "VDE-2025-064: Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-064.json"
}
],
"source_lang": "en",
"title": "Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation",
"tracking": {
"aliases": [
"VDE-2025-064",
"PCSA-2025-00011"
],
"current_release_date": "2025-09-09T07:00:00.000Z",
"generator": {
"date": "2025-09-05T10:26:08.025Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.33"
}
},
"id": "VDE-2025-064",
"initial_release_date": "2025-09-09T07:00:00.000Z",
"revision_history": [
{
"date": "2025-09-09T07:00:00.000Z",
"number": "1",
"summary": "Initial"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Activation Wizard\u003c1.8",
"product": {
"name": "Activation Wizard \u003c1.8",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "Activation Wizard 1.8",
"product": {
"name": "Activation Wizard 1.8",
"product_id": "CSAFPID-52001"
}
},
{
"category": "product_version_range",
"name": "PLCnext Engineer\u003c2025.0.3",
"product": {
"name": "PLCnext Engineer \u003c2025.0.3",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
},
{
"category": "product_version",
"name": "PLCnext Engineer 2025.0.3",
"product": {
"name": "PLCnext Engineer 2025.0.3",
"product_id": "CSAFPID-52002",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
},
{
"category": "product_version_range",
"name": "PLCnext Engineer EDU LIC\u003c2025.0.3",
"product": {
"name": "PLCnext Engineer EDU LIC \u003c2025.0.3",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"1165889"
]
}
}
},
{
"category": "product_version",
"name": "PLCnext Engineer EDU LIC 2025.0.3",
"product": {
"name": "PLCnext Engineer EDU LIC 2025.0.3",
"product_id": "CSAFPID-52003",
"product_identification_helper": {
"model_numbers": [
"1165889"
]
}
}
},
{
"category": "product_version_range",
"name": "FL Network Manager\u003c=8.0",
"product": {
"name": "FL Network Manager \u003c=8.0",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"2702889"
]
}
}
},
{
"category": "product_version",
"name": "FL Network Manager 9.0",
"product": {
"name": "FL Network Manager 9.0",
"product_id": "CSAFPID-52004",
"product_identification_helper": {
"model_numbers": [
"2702889"
]
}
}
},
{
"category": "product_version_range",
"name": "EV Charging Suite (all versions)\u003c=1.7.0",
"product": {
"name": "EV Charging Suite (all versions) \u003c=1.7.0",
"product_id": "CSAFPID-51005",
"product_identification_helper": {
"model_numbers": [
"1153509",
"1153508",
"1128335",
"1086929",
"1086921",
"1086920"
]
}
}
},
{
"category": "product_version_range",
"name": "EV Charging Suite (all upgrades)\u003c=1.7.0",
"product": {
"name": "EV Charging Suite (all upgrades) \u003c=1.7.0",
"product_id": "CSAFPID-51006",
"product_identification_helper": {
"model_numbers": [
"1153520",
"1153516",
"1153513",
"1086891",
"1086889"
]
}
}
},
{
"category": "product_version_range",
"name": "CLIPX ENGINEER ASSEMBLE\u003c=1.0.0",
"product": {
"name": "CLIPX ENGINEER ASSEMBLE \u003c=1.0.0",
"product_id": "CSAFPID-51007",
"product_identification_helper": {
"model_numbers": [
"1662166"
]
}
}
},
{
"category": "product_version",
"name": "CLIPX ENGINEER ASSEMBLE 1.2.0",
"product": {
"name": "CLIPX ENGINEER ASSEMBLE 1.2.0",
"product_id": "CSAFPID-52007",
"product_identification_helper": {
"model_numbers": [
"1662166"
]
}
}
},
{
"category": "product_version_range",
"name": "MLnext Execution\u003c=1.1.3",
"product": {
"name": "MLnext Execution \u003c=1.1.3",
"product_id": "CSAFPID-51012",
"product_identification_helper": {
"model_numbers": [
"1391115"
]
}
}
},
{
"category": "product_version",
"name": "MLnext Execution 25.8.0",
"product": {
"name": "MLnext Execution 25.8.0",
"product_id": "CSAFPID-52008",
"product_identification_helper": {
"model_numbers": [
"1391115"
]
}
}
},
{
"category": "product_version_range",
"name": "MTP DESIGNER / MTP DESIGNER TRAIL\u003c=1.3.1",
"product": {
"name": "MTP DESIGNER / MTP DESIGNER TRAIL \u003c=1.3.1",
"product_id": "CSAFPID-51009",
"product_identification_helper": {
"model_numbers": [
"1636198",
"1636201"
]
}
}
},
{
"category": "product_version",
"name": "MTP DESIGNER / MTP DESIGNER TRAIL 1.3.2",
"product": {
"name": "MTP DESIGNER / MTP DESIGNER TRAIL 1.3.2",
"product_id": "CSAFPID-52009",
"product_identification_helper": {
"model_numbers": [
"1636198",
"1636201"
]
}
}
},
{
"category": "product_name",
"name": "MORYX-Software Platform",
"product": {
"name": "MORYX-Software Platform",
"product_id": "CSAFPID-51010",
"product_identification_helper": {
"model_numbers": [
"1373907",
"1373909",
"1373233",
"1373910",
"1373226",
"1373236",
"1373231",
"1373224",
"1373913",
"1373912",
"1373238",
"1373914",
"1373915",
"1373916",
"1373917",
"1373918",
"1373908",
"1550573",
"1550576",
"1550581",
"1550587",
"1550580",
"1550582",
"1532628",
"1550574",
"1550589"
]
}
}
},
{
"category": "product_version_range",
"name": "MLnext Creation\u003c=24.10.0",
"product": {
"name": "MLnext Creation \u003c=24.10.0",
"product_id": "CSAFPID-51011",
"product_identification_helper": {
"model_numbers": [
"1697763"
]
}
}
},
{
"category": "product_version",
"name": "MLnext Creation 25.8.0",
"product": {
"name": "MLnext Creation 25.8.0",
"product_id": "CSAFPID-52011",
"product_identification_helper": {
"model_numbers": [
"1697763"
]
}
}
}
],
"category": "product_family",
"name": "CodeMeter Runtime licensed Software"
}
],
"category": "vendor",
"name": "Phoenix Contact GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-61001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-51009",
"CSAFPID-31001",
"CSAFPID-51011"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-62001",
"product_ids": [
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52001"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_with",
"full_product_name": {
"name": "Activation Wizard \u003c1.8 installed with MORYX-Software Platform",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-51010"
},
{
"category": "installed_with",
"full_product_name": {
"name": "Activation Wizard 1.8 installed with MORYX-Software Platform",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-31001",
"CSAFPID-51011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V8.30a, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V8.30a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nAdditional Recommendations:\nRegularly check the product\u0027s official webpage for updated release versions that support CodeMeter V8.30a.\nUpdate the Activation Wizard to version 1.8 as soon as it becomes available on the product\u0027s download page.",
"group_ids": [
"CSAFGID-61001"
]
},
{
"category": "mitigation",
"details": "After installing the CodeMeter Control Center (at least once), please perform one of the following actions:\n- Restart your system\n- Log out and log in again\n- Manually close or restart the CodeMeter Control Center via the system tray icon\n\n These steps must be followed immediately after installing the CodeMeter Runtime or any product that includes the CodeMeter Runtime.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-31001",
"CSAFPID-51011"
]
}
],
"title": "CVE-2025-47809"
}
]
}
VDE-2026-007
Vulnerability from csaf_trumpfsecokg - Published: 2026-02-23 08:00 - Updated: 2026-02-23 08:00
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TruTops Boost 21.00.00
TRUMPF SE + Co. KG / Software / TruTops Boost
|
cpe:2.3:a:trumpf:trutopsboost:21.0.0:*:*:*:*:*:*:*
|
21.00.00 | |
|
TecZone Bend 25.11.1
TRUMPF SE + Co. KG / Software / TecZone Bend
|
cpe:2.3:a:trumpf:teczonebend:25.11.1:*:*:*:*:*:*:*
|
25.11.1 | |
|
Oseon 8.00.00
TRUMPF SE + Co. KG / Software / Oseon
|
cpe:2.3:a:trumpf:oseon:8.0.0:*:*:*:*:*:*:*
|
8.00.00 | |
|
Programming Tube 6.9
TRUMPF SE + Co. KG / Software / Programming Tube
|
cpe:2.3:a:trumpf:programmingtube:6.9.0:*:*:*:*:*:*:*
|
6.9 | |
|
TruTops Cell 2.77.0
TRUMPF SE + Co. KG / Software / TruTops Cell
|
cpe:2.3:a:trumpf:trutopscell:2.77.0:*:*:*:*:*:*:*
|
2.77.0 | |
|
TruTops Weld 11.0
TRUMPF SE + Co. KG / Software / TruTops Weld
|
cpe:2.3:a:trumpf:trutopsweld:11.0.0:*:*:*:*:*:*:*
|
11.0 | |
|
TRUMPF License Expert 2.3.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
cpe:2.3:a:trumpf:trumpflicenseexpert:2.3.2:*:*:*:*:*:*:*
|
2.3.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TruTops Boost < 21.00.00
TRUMPF SE + Co. KG / Software / TruTops Boost
|
vers:semver/<21.00.00 |
Vendor Fix
|
|
|
TruTops Boost 20.04.23
TRUMPF SE + Co. KG / Software / TruTops Boost
|
cpe:2.3:a:trumpf:trutopsboost:20.04.23:*:*:*:*:*:*:*
|
20.04.23 |
Vendor Fix
|
|
TecZone Bend < 25.11.1
TRUMPF SE + Co. KG / Software / TecZone Bend
|
vers:semver/<25.11.1 |
Vendor Fix
|
|
|
TecZone Bend 25.10.0
TRUMPF SE + Co. KG / Software / TecZone Bend
|
cpe:2.3:a:trumpf:teczonebend:25.10.0:*:*:*:*:*:*:*
|
25.10.0 |
Vendor Fix
|
|
Oseon < 8.00.00
TRUMPF SE + Co. KG / Software / Oseon
|
vers:semver/<8.00.00 |
Vendor Fix
|
|
|
Oseon 7.04.23
TRUMPF SE + Co. KG / Software / Oseon
|
cpe:2.3:a:trumpf:oseon:7.04.23:*:*:*:*:*:*:*
|
7.04.23 |
Vendor Fix
|
|
Programming Tube < 6.9
TRUMPF SE + Co. KG / Software / Programming Tube
|
vers:semver/<6.9 |
Vendor Fix
|
|
|
Programming Tube 6.8
TRUMPF SE + Co. KG / Software / Programming Tube
|
cpe:2.3:a:trumpf:programmingtube:6.8.0:*:*:*:*:*:*:*
|
6.8 |
Vendor Fix
|
|
TruTops Cell < 2.77.0
TRUMPF SE + Co. KG / Software / TruTops Cell
|
vers:semver/<2.77.0 |
Vendor Fix
|
|
|
TruTops Cell 2.69.29
TRUMPF SE + Co. KG / Software / TruTops Cell
|
cpe:2.3:a:trumpf:trutopscell:2.69.29:*:*:*:*:*:*:*
|
2.69.29 |
Vendor Fix
|
|
TruTops Weld < 11.0
TRUMPF SE + Co. KG / Software / TruTops Weld
|
vers:semver/<11.0 |
Vendor Fix
|
|
|
TruTops Weld 10.0.133
TRUMPF SE + Co. KG / Software / TruTops Weld
|
cpe:2.3:a:trumpf:trutopsweld:10.0.133:*:*:*:*:*:*:*
|
10.0.133 |
Vendor Fix
|
|
TRUMPF License Expert < 2.3.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
vers:semver/<2.3.2 |
Vendor Fix
|
|
|
TRUMPF License Expert 2.2.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
cpe:2.3:a:trumpf:trumpflicenseexpert:2.2.2:*:*:*:*:*:*:*
|
2.2.2 |
Vendor Fix
|
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.",
"title": "Summary"
},
{
"category": "description",
"text": "The CodeMeter installer on Windows has a vulnerability that allows under certain circumstances an Escalation of Privileges for an unprivileged account. After installation on an unprivileged account with UAC using the built-in administrator account, CodeMeter launches the CodeMeter Control Center with system privileges.",
"title": "Impact"
},
{
"category": "legal_disclaimer",
"text": "This document is provided on an \"AS IS\" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. TRUMPF SE + Co. KG reserves the right to change or update this document at any time.",
"title": "Disclaimer"
},
{
"category": "description",
"text": "New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product | Version |\n| --------------------- | -------- |\n| TruTops Boost | 21.00.00 |\n| TecZone Bend | 25.11.1 |\n| Oseon | 8.00.00 |\n| Programming Tube | 6.9 |\n| TruTops Cell | 2.77.0 |\n| TruTops Weld | 11.0 |\n| TRUMPF License Expert | 2.3.2 |\n",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product.security@trumpf.com",
"name": "Trumpf SE + Co. KG",
"namespace": "https://www.trumpf.com"
},
"references": [
{
"category": "external",
"summary": "Messages to TRUMPF PSIRT",
"url": "https://www.trumpf.com/en_GB/meta/security-with-trumpf/message-to-psirt/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for TRUMPF SE + Co. KG",
"url": "https://certvde.com/en/advisories/vendor/trumpf/"
},
{
"category": "self",
"summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-007"
},
{
"category": "self",
"summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - CSAF",
"url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-007.json"
},
{
"category": "external",
"summary": "CVE-2025-47809 - NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47809"
},
{
"category": "external",
"summary": "TRUMPF License Expert",
"url": "https://www.trumpf.com/en_INT/products/software/software-licensing/"
}
],
"title": "TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability",
"tracking": {
"aliases": [
"VDE-2026-007"
],
"current_release_date": "2026-02-23T08:00:00.000Z",
"generator": {
"date": "2026-02-19T10:48:26.979Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.43"
}
},
"id": "VDE-2026-007",
"initial_release_date": "2026-02-23T08:00:00.000Z",
"revision_history": [
{
"date": "2026-02-23T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c21.00.00",
"product": {
"name": "TruTops Boost \u003c 21.00.00",
"product_id": "CSAFPID-00001"
}
},
{
"category": "product_version",
"name": "21.00.00",
"product": {
"name": "TruTops Boost 21.00.00",
"product_id": "CSAFPID-00002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsboost:21.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "20.04.23",
"product": {
"name": "TruTops Boost 20.04.23",
"product_id": "CSAFPID-00003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsboost:20.04.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Boost"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c25.11.1",
"product": {
"name": "TecZone Bend \u003c 25.11.1",
"product_id": "CSAFPID-01001"
}
},
{
"category": "product_version",
"name": "25.11.1",
"product": {
"name": "TecZone Bend 25.11.1",
"product_id": "CSAFPID-01002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:teczonebend:25.11.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "25.10.0",
"product": {
"name": "TecZone Bend 25.10.0",
"product_id": "CSAFPID-01003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:teczonebend:25.10.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TecZone Bend"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c8.00.00",
"product": {
"name": "Oseon \u003c 8.00.00",
"product_id": "CSAFPID-02001"
}
},
{
"category": "product_version",
"name": "8.00.00",
"product": {
"name": "Oseon 8.00.00",
"product_id": "CSAFPID-02002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:oseon:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.04.23",
"product": {
"name": "Oseon 7.04.23",
"product_id": "CSAFPID-02003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:oseon:7.04.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oseon"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c6.9",
"product": {
"name": "Programming Tube \u003c 6.9",
"product_id": "CSAFPID-03001"
}
},
{
"category": "product_version",
"name": "6.9",
"product": {
"name": "Programming Tube 6.9",
"product_id": "CSAFPID-03002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:programmingtube:6.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "6.8",
"product": {
"name": "Programming Tube 6.8",
"product_id": "CSAFPID-03003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:programmingtube:6.8.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Programming Tube"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c2.77.0",
"product": {
"name": "TruTops Cell \u003c 2.77.0",
"product_id": "CSAFPID-04001"
}
},
{
"category": "product_version",
"name": "2.77.0",
"product": {
"name": "TruTops Cell 2.77.0",
"product_id": "CSAFPID-04002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopscell:2.77.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.69.29",
"product": {
"name": "TruTops Cell 2.69.29",
"product_id": "CSAFPID-04003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopscell:2.69.29:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Cell"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c11.0",
"product": {
"name": "TruTops Weld \u003c 11.0",
"product_id": "CSAFPID-05001"
}
},
{
"category": "product_version",
"name": "11.0",
"product": {
"name": "TruTops Weld 11.0",
"product_id": "CSAFPID-05002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsweld:11.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "10.0.133",
"product": {
"name": "TruTops Weld 10.0.133",
"product_id": "CSAFPID-05003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsweld:10.0.133:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Weld"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c2.3.2",
"product": {
"name": "TRUMPF License Expert \u003c 2.3.2",
"product_id": "CSAFPID-06001"
}
},
{
"category": "product_version",
"name": "2.3.2",
"product": {
"name": "TRUMPF License Expert 2.3.2",
"product_id": "CSAFPID-06002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.2.2",
"product": {
"name": "TRUMPF License Expert 2.2.2",
"product_id": "CSAFPID-06003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.2.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TRUMPF License Expert"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "TRUMPF SE + Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-00002",
"CSAFPID-01002",
"CSAFPID-02002",
"CSAFPID-03002",
"CSAFPID-04002",
"CSAFPID-05002",
"CSAFPID-06002"
],
"summary": "Fixed Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-00002",
"CSAFPID-01002",
"CSAFPID-02002",
"CSAFPID-03002",
"CSAFPID-04002",
"CSAFPID-05002",
"CSAFPID-06002"
],
"known_affected": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-20T11:00:00.000Z",
"details": "New versions are available for the affected products. These include an updated Wibu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product | Version |\n| --------------------- | -------- |\n| TruTops Boost | 21.00.00 |\n| TecZone Bend | 25.11.1 |\n| Oseon | 8.00.00 |\n| Programming Tube | 6.9 |\n| TruTops Cell | 2.77.0 |\n| TruTops Weld | 11.0 |\n| TRUMPF License Expert | 2.3.2 |\n",
"product_ids": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-00001",
"CSAFPID-01001",
"CSAFPID-02001",
"CSAFPID-03001",
"CSAFPID-04001",
"CSAFPID-05001",
"CSAFPID-06001",
"CSAFPID-00003",
"CSAFPID-01003",
"CSAFPID-02003",
"CSAFPID-03003",
"CSAFPID-04003",
"CSAFPID-05003",
"CSAFPID-06003"
]
}
],
"title": "CVE-2025-47809"
}
]
}
WID-SEC-W-2025-1076
Vulnerability from csaf_certbund - Published: 2025-05-15 22:00 - Updated: 2025-08-12 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Siemens SIMATIC WinCC OA (Siemens / SIMATIC WinCC) | cpe:/a:siemens:simatic_wincc:oa | OA | |
| Wibu-Systems CodeMeter Runtime <8.30a (Wibu-Systems / CodeMeter) | | Runtime <8.30a | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1076 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1076.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1076 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1076"
},
{
"category": "external",
"summary": "WIBU Security Advisory vom 2025-05-15",
"url": "https://www.wibu.com/de/support/security-advisories/wibu-100120.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-331739 vom 2025-08-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331739.html"
}
],
"source_lang": "en-US",
"title": "Wibu-Systems CodeMeter: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:43.009+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1076",
"initial_release_date": "2025-05-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Siemens aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "OA",
"product": {
"name": "Siemens SIMATIC WinCC OA",
"product_id": "T017225",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:simatic_wincc:oa"
}
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC"
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Runtime \u003c8.30a",
"product": {
"name": "Wibu-Systems CodeMeter Runtime \u003c8.30a",
"product_id": "T043859"
}
},
{
"category": "product_version",
"name": "Runtime 8.30a",
"product": {
"name": "Wibu-Systems CodeMeter Runtime 8.30a",
"product_id": "T043859-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:wibu:codemeter:runtime__8.30a"
}
}
}
],
"category": "product_name",
"name": "CodeMeter"
}
],
"category": "vendor",
"name": "Wibu-Systems"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"product_status": {
"known_affected": [
"T017225",
"T043859"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47809"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.